A cross-site request forgery vulnerability in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6
References
https://nvd.n…