[org.jenkins-ci.plugins:icescrum] Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10441
• https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484
• https://github.com/jenkinsci/icescrum-plugin/commit/2e248f7e2cfc5deb2d796f9fbaf42d8ea33ccad4
• https://github.com/advisories/GHSA-rxvx-9wg5-qpww