Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
Related Vulnerabilities
CVE-2023-27564 Vulnerability in npm package n8n
CVE-2019-13343 Vulnerability in maven package com.butor:portal
CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2023-39153 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2019-16763 Vulnerability in maven package org.webjars.npm:pannellum