A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
This form validation method requires appropriate permission in Fortify on Demand Plugin 6.0.0.
{ "nvd_published_at": "2020-07-02T15:15:00Z", "cwe_ids": [ "CWE-352" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-28T23:51:13Z" }