CVE-2019-10359

GHSA-r4rv-cq77-6p24, CVE-2019-10359

maven/org.jenkins-ci.plugins.m2release/m2release

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.

All versions before 0.15.0

Upgrade to version 0.15.0 or above.

2023-02-03