Cross-site Request Forgery (CSRF)
Affecting io.jenkins.plugins:warnings-ng artifact, versions [,5.0.2)Report new vulnerabilities
io.jenkins.plugins:warnings-ng is a collects compiler warnings or issues reported by static analysis tools and visualizes the results.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Warnings Plugin does not require POST requests for a form validation method intended for testing custom warnings parsers, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute arbitrary code.
io.jenkins.plugins:warnings-ng to version 5.0.2 or higher.