GHSA-r4rv-cq77-6p24, CVE-2019-10359
maven/org.jenkins-ci.plugins.m2release/m2release
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
All versions before 0.15.0
Upgrade to version 0.15.0 or above.
2023-02-03
source |