Cross-site Request Forgery (CSRF)
Affecting org.jenkins-ci.plugins:tfs artifact, versions [0,]
org.jenkins-ci.plugins:tfs is a plugin that triggers a release in Azure DevOps, through a post-build step in Jenkins.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It does not perform a permission check in an HTTP endpoint. This allows attackers with overall/read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, this HTTP endpoint does not require
There is no fixed version for
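
With no fixed version listed, one practical check is to audit plugin source for endpoints of the shape described above. The following Python script is an added example, not code from the tfs plugin or from Jenkins: it scans Java source for Stapler web methods (public `do*` methods) that lack a permission check or are not restricted to POST, the request type Jenkins applies its CSRF protection to. The sample class, its method names and the regex heuristics are constructed for illustration.

```python
import re

# Constructed Java source for a hypothetical descriptor; not code from the tfs plugin.
SAMPLE_JAVA = '''
public class ExampleDescriptor {
    public FormValidation doTestConnection(@QueryParameter String serverUrl,
                                           @QueryParameter String credentialsId) {
        return connect(serverUrl, credentialsId);
    }
    @RequirePOST
    public FormValidation doTestPostOnly(@QueryParameter String serverUrl) {
        return connect(serverUrl, null);
    }
    @RequirePOST
    public FormValidation doTestHardened(@QueryParameter String serverUrl) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return connect(serverUrl, null);
    }
}
'''

# Stapler routes HTTP requests to public do* methods; capture leading annotations and the name.
WEB_METHOD = re.compile(
    r'((?:@\w+(?:\([^)]*\))?\s*)*)public\s+[\w<>\[\], .]+?\s+(do[A-Z]\w*)\s*\(')
PERMISSION_CHECK = re.compile(r'\b(?:checkPermission|hasPermission)\s*\(')
POST_ONLY = re.compile(r'@(?:RequirePOST|POST)\b')

def method_body(src, start):
    """Return the brace-balanced body opening at or after `start`.
    Heuristic: braces inside string literals or comments are not accounted for."""
    open_at = src.index('{', start)
    depth = 0
    for i in range(open_at, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_at:i + 1]
    return src[open_at:]

def audit(src):
    """Map each web method name to the protections it lacks."""
    findings = {}
    for m in WEB_METHOD.finditer(src):
        issues = []
        if not PERMISSION_CHECK.search(method_body(src, m.end())):
            issues.append('no permission check')
        if not POST_ONLY.search(m.group(1)):
            issues.append('not restricted to POST')
        if issues:
            findings[m.group(2)] = issues
    return findings

if __name__ == '__main__':
    for name, issues in audit(SAMPLE_JAVA).items():
        print(f'{name}: {", ".join(issues)}')
```

A finding is a prompt for manual review, not proof of a flaw: the permission check may live in a helper the method calls, and read-only endpoints may legitimately accept GET.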