A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and previous versions allows malicious users to delete previously created Bazaar SCM tags.
jenkins bazaar