CVE-2020-2281

Name of the Vulnerable Software and Affected Versions Jenkins Lockable Resources Plugin versions 2.8 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to reserve, unreserve, unlock, and reset resources. This issue arises because the plugin does not require POST requests for several HTTP endpoints, making it vulnerable to CSRF attacks. The vulnerability enables attackers to perform unauthorized actions on resources.

Recommendations For Jenkins Lockable Resources Plugin versions 2.8 and earlier, update to version 2.9 or later, which requires POST requests for the affected HTTP endpoints, thereby mitigating the CSRF vulnerability.