Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:translation(Maven) | 0 | 1.16 | N/A |
CVSS Metrics
