Cross-site Request Forgery (CSRF)
Affecting org.jkva.maven-plugins:cascading-release-maven-plugin artifact, versions [0,)Report new vulnerabilities
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It does not perform permission checks in several HTTP endpoints.This allows attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.As of publication of this advisory, there is no fix.
There is no fixed version for