[com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger] Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-24423
• https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2137
• https://github.com/advisories/GHSA-95jq-24cr-pgrq