GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...