Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints.
This allows attackers to perform the following actions:
Through carefully chosen configuration parameters, these actions can result in OS command injection on the Jenkins controller.