A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
{
"nvd_published_at": "2019-04-04T16:29:00Z",
"severity": "MODERATE",
"cwe_ids": [
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-09T22:19:55Z"
}