Description
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
Remediation
References
http://www.securityfocus.com/bid/102809
https://jenkins.io/security/advisory/2018-01-22/
Related Vulnerabilities
CVE-2022-1291 Vulnerability in maven package org.webjars.bowergithub.hhurz:tableexport.jquery.plugin
CVE-2023-25766 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials
CVE-2023-5654 Vulnerability in npm package react-devtools
CVE-2017-10355 Vulnerability in maven package xerces:xercesimpl
CVE-2019-6286 Vulnerability in maven package org.webjars.npm:node-sass