Launchpad.net

CVE 2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.

See the CVE page on Mitre.org for more details.