CVE-2021-21655

Name of the Vulnerable Software and Affected Versions Jenkins P4 Plugin versions 1.11.4 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. The issue is mitigated in version 1.11.5, which requires POST requests for the affected HTTP endpoints.

Recommendations For Jenkins P4 Plugin versions 1.11.4 and earlier, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected HTTP endpoints to minimize the risk of exploitation.