Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
Advisories for Maven/Org.6wind.jenkins/Lockable-Resources package
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.