ASA-2019-00093 – Jenkins: Cross-Site Request Forgery (CSRF) vulnerability in Git Plugin

Git Plugin allows the creation of a tag in a job workspace’s Git repository with accompanying metadata attached to a build record. The HTTP endpoint to create the tag did not require POST requests, resulting in a CSRF vulnerability. The HTTP endpoint to create the tag now requires that requests are sent via POST.
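
The before-and-after behaviour described above, modelled in Python as an added example (not Git Plugin code and not taken from the advisory). It assumes the server's anti-CSRF token check runs only on POST requests, as Jenkins's crumb-based CSRF protection does; every function name, the session value and the tag names are hypothetical.

```python
"""Model of a state-changing endpoint before and after requiring POST.
Hypothetical names throughout; this is not Git Plugin code."""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret

def issue_crumb(session_id: str) -> str:
    """Per-session anti-CSRF token, readable only by same-origin pages."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def crumb_filter(request: dict) -> bool:
    """Framework-level filter (assumed): the token is checked on POST only."""
    if request["method"] != "POST":
        return True  # non-POST requests pass through unchecked
    return hmac.compare_digest(request.get("crumb", ""), issue_crumb(request["session"]))

def create_tag_before(request: dict, tags: list) -> int:
    """Pre-fix handler: no method restriction, so a GET skips the token check."""
    if not crumb_filter(request):
        return 403
    tags.append(request["params"]["name"])
    return 200

def create_tag_after(request: dict, tags: list) -> int:
    """Post-fix handler: rejects anything but POST before touching state."""
    if request["method"] != "POST":
        return 405
    if not crumb_filter(request):
        return 403
    tags.append(request["params"]["name"])
    return 200

def run_cases() -> dict:
    """Replay three constructed requests against both handlers."""
    sid = "session-of-logged-in-user"  # constructed sample value
    # Cross-site requests carry the session cookie but cannot read the crumb.
    cross_get = {"method": "GET", "session": sid, "params": {"name": "t1"}}
    cross_post = {"method": "POST", "session": sid, "params": {"name": "t2"}}
    own_post = dict(cross_post, crumb=issue_crumb(sid))
    results = {}
    for label, handler in (("before", create_tag_before), ("after", create_tag_after)):
        tags = []
        codes = [handler(r, tags) for r in (cross_get, cross_post, own_post)]
        results[label] = {"codes": codes, "tags": tags}
    return results

if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print(label, outcome)
```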