A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.

CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF