[org.jenkins-ci.plugins:database] CSRF vulnerability in Jenkins Database Plugin

Database Plugin 1.6 and earlier does not require POST requests for the database console, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to execute arbitrary SQL scripts.

Database Plugin 1.7 removes the database console.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-2240
• https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1023
• http://www.openwall.com/lists/oss-security/2020/09/01/3
• https://github.com/advisories/GHSA-jf9j-hx2j-m9xh