Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified URL.
GitLab Branch Source Plugin 688.v5fa_356ee8520 requires POST requests for the affected form validation endpoint.
{ "nvd_published_at": "2024-01-24T18:15:09Z", "cwe_ids": [ "CWE-352" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-24T21:50:26Z" }