Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability
Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to trigger a build for a pull request. GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.