Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
Related Vulnerabilities
CVE-2019-10317 Vulnerability in maven package org.jvnet.hudson.plugins:sitemonitor
CVE-2016-5003 Vulnerability in maven package org.apache.xmlrpc:xmlrpc
CVE-2022-36157 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2020-27666 Vulnerability in npm package strapi-plugin-content-manager
CVE-2023-30530 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder