A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin