[org.jvnet.hudson.plugins:favorite] Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification.

References

• https://nvd.nist.gov/vuln/detail/CVE-2017-1000244
• https://jenkins.io/security/advisory/2017-06-06/
• https://github.com/advisories/GHSA-jqwh-jrpg-5j3h