Cross-site Request Forgery (CSRF)
Affecting org.jenkins-ci.plugins:slack artifact, versions [,2.20)
org.jenkins-ci.plugins:slack is a Jenkins plugin for posting notifications to a Slack channel.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Upgrade org.jenkins-ci.plugins:slack to version 2.20 or higher.