CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cas-plugin | maven | <= 1.4.1 | 1.4.2 |
The vulnerability stems from the doCheckCasServerUrl method in CasSecurityRealm.java. The commit diff shows two critical fixes: 1) the addition of the @RequirePOST annotation, so the method only accepts POST requests, and 2) a permission check for Jenkins.ADMINISTER. Before these fixes, the method was reachable via GET by any user with only Overall/Read permission, allowing server-side request forgery (SSRF). The config.jelly patch additionally makes the client-side form submit the validation request as a POST. This matches the CVE description of unauthenticated SSRF/CSRF via form validation endpoints.
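The two server-side fixes described above, as an added illustration written for this page rather than the plugin's own code; the method name follows the page, while the validation body (a HEAD request to the supplied URL) and the class name are assumptions.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

// Hypothetical class name; stands in for the form-validation part of CasSecurityRealm.
public class CasServerUrlValidationExample {

    // Before the fix (reconstructed from the page's description, not the real code):
    // Stapler exposed this as a web method answering GET, and the only check was the
    // caller having Overall/Read, so Jenkins would open a connection to any URL it was given.
    //
    //   public FormValidation doCheckCasServerUrl(@QueryParameter String value) {
    //       return probeCasServer(value);
    //   }

    // After the fix: the two changes the page attributes to the commit diff.
    @RequirePOST // 1) Stapler rejects GET, so a plain link or image tag can no longer trigger the request
    public FormValidation doCheckCasServerUrl(@QueryParameter String value) {
        // 2) only administrators may make Jenkins issue the outbound request
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probeCasServer(value);
    }

    // Assumed validation body: contact the CAS server with a bounded HEAD request.
    private FormValidation probeCasServer(String url) {
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
            conn.setRequestMethod("HEAD");
            conn.setConnectTimeout(3000);
            conn.setReadTimeout(3000);
            int status = conn.getResponseCode();
            return status < 400
                    ? FormValidation.ok()
                    : FormValidation.error("CAS server returned HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error("Cannot reach CAS server: " + e.getMessage());
        }
    }
}
```

Gating the endpoint with @RequirePOST alone would not be enough, because an authenticated low-privilege user can still send a POST; the Jenkins.ADMINISTER check is what removes the unprivileged SSRF path.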