PT-2020-15397 · Jenkins · Jenkins Cas Plugin

Oleg Nenashev · Published 2020-05-06 · Updated 2023-10-25 · CVE-2020-2184

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins CVS Plugin versions 2.15 and earlier

Description

A cross-site request forgery issue allows attackers to create and manipulate tags, and to connect to an attacker-specified URL, by exploiting HTTP endpoints that do not require POST requests. This enables attackers to perform unauthorized actions.

Recommendations

For Jenkins CVS Plugin versions 2.15 and earlier, update to version 2.16 or later, which requires POST requests for the affected HTTP endpoints, mitigating the cross-site request forgery risk.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-2184
GHSA-63MW-HP3H-GC77

Affected Products

Jenkins
Jenkins Cas Plugin