Cross-Site Request Forgery (CSRF)

org.jenkins-ci.plugins:elasticbox is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to not requiring POST requests for HTTP endpoints, allowing an attacker to connect to nefarious URLs using credentials obtained in another way, resulting in stealing credentials from Jenkins’ saved credentials.