Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery
Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, there is no fix.