CVE-2020-2280

Name of the Vulnerable Software and Affected Versions Jenkins Warnings Plugin versions 5.0.1 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to execute arbitrary code. This issue arises because the plugin does not require POST requests for a form validation method intended for testing custom warnings parsers.

Recommendations For Jenkins Warnings Plugin versions 5.0.1 and earlier, update to version 5.0.2 or later, which requires POST requests for the affected form validation method, thus mitigating the CSRF vulnerability.