Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request.
This vulnerability allows attackers to trick users into logging in to the attackerâs account.Read More