-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from two key issues: 1) Missing CSRF protection (@RequirePOST) on form validation endpoints, and 2) Insufficient permission checks (Item.CONFIGURE/Jenkins.ADMINISTER). The commit diff shows these functions were patched by adding @RequirePOST annotations and explicit permission checks. Functions like doTestConnection and getCredential handled sensitive operations without proper authorization, allowing attackers to exfiltrate credentials. The JCloudsCloud.provision endpoint's missing CSRF protection enabled unauthorized provisioning requests. These changes directly correlate to the CVE description of unauthorized credential access and CSRF vulnerabilities.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:openstack-cloud | maven | <= 2.35 | 2.37 |
A Semantic Attack on Google Gemini - Read the Latest Research