Jenkins CRX Content Package Deployer Plugin 1.8.1 Cross-Site Request Forgery (CSRF) Vulnerability
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect.
The information has been provided by Daniel Beck
The original article can be found at: https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)
An attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins CRX Content Package Deployer Plugin 1.8.1