jenkins-plugin-git: CSRF vulnerability allows capturing credentials (SECURITY-528)
The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...