Cross-site Request Forgery (CSRF)
Affecting org.jenkins-ci.plugins:jclouds-jenkins artifact, versions [,2.15)
org.jenkins-ci.plugins:jclouds-jenkins is a plugin that uses JClouds to provide slave launching on most of the currently usable Cloud infrastructures.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF).
The plugin does not perform permission checks on a method implementing form validation. This form validation method also does not require POST requests. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Upgrade org.jenkins-ci.plugins:jclouds-jenkins to version 2.15 or higher.
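A heuristic source check for the pattern described above, added here as an example and not taken from the advisory or the plugin: it flags Stapler form-validation methods (`do*` methods returning `FormValidation`) that lack `@POST`/`@RequirePOST` or a `checkPermission` call. The Java sample, including its class, method and parameter names, is constructed for illustration.

```python
import re

# Constructed sample: a hypothetical descriptor, NOT the jclouds plugin's source.
SAMPLE = '''
public class DescriptorImpl extends Descriptor<Cloud> {
    public FormValidation doTestConnection(@QueryParameter String endPointUrl,
                                           @QueryParameter String credentialsId) {
        return connect(endPointUrl, credentialsId);
    }

    @POST
    public FormValidation doTestConnectionFixed(@QueryParameter String endPointUrl,
                                                @QueryParameter String credentialsId) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return connect(endPointUrl, credentialsId);
    }
}
'''

# Leading annotations (group 1) and the name of a form-validation web method (group 2).
METHOD = re.compile(
    r'((?:@\w+(?:\([^)]*\))?\s+)*)public\s+FormValidation\s+(do\w+)\s*\(')

def method_body(src, start):
    """Return the brace-balanced body opening at the first '{' after start.
    Heuristic: braces inside string literals or comments are not handled."""
    open_at = src.index('{', start)
    depth = 0
    for i in range(open_at, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_at:i + 1]
    return src[open_at:]

def audit(src):
    """Map each suspicious method name to the list of protections it is missing."""
    findings = {}
    for m in METHOD.finditer(src):
        annotations, name = m.group(1), m.group(2)
        issues = []
        if not re.search(r'@(POST|RequirePOST)\b', annotations):
            issues.append('accepts GET (no @POST/@RequirePOST)')
        if 'checkPermission(' not in method_body(src, m.end()):
            issues.append('no checkPermission call')
        if issues:
            findings[name] = issues
    return findings

if __name__ == '__main__':
    for name, issues in audit(SAMPLE).items():
        print(name + ': ' + '; '.join(issues))
```

A hit is a prompt for manual review rather than proof of a flaw, since a method may enforce permissions through a helper this check does not recognise.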