Jenkins Claim Plugin 2.18.1 and earlier does not require POST requests for the form submission endpoint assigning claims, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to change claims.
Jenkins Claim Plugin 2.18.2 requires POST requests for the affected HTTP endpoint.