GHSA-998M-F2X3-JJQ4 CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...