Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.
[
{
"defaultStatus": "unknown",
"product": "Jenkins Lucene-Search Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "387.v938a_ecb_f7fe9",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]