Several administration/configuration related URLs could be accessed using GET, which allowed attackers to circumvent CSRF protection. This could allow unprivileged attackers to perform some administrative actions via CSRF.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09