GHSA-pwvj-6phx-qv8c, CVE-2018-1000014
maven/org.jenkins-ci.plugins/translation
Cross-Site Request Forgery (CSRF)
Jenkins Translation Assistance Plugin 1.15 and earlier does not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
All versions up to 1.15
Upgrade to version 1.16 or above.
2024-01-31
source |