Advisories for Maven/Io.jenkins.plugins/Dependency-Track package

A missing permission check in Jenkins OWASP Dependency-Track Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.