Description
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/05/06/3
https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1094
Related Vulnerabilities
CVE-2019-0200 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol
CVE-2020-14060 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2017-5617 Vulnerability in maven package com.metsci.ext.com.kitfox.svg:svg-salamander
CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2019-10785 Vulnerability in maven package org.webjars.bower:dojox