The key vulnerability stemmed from the `doCheckURL` form validation method making an actual HTTP request to a user-controlled URL. The commit diff shows that this method originally created a Jersey `Client` and executed `client.resource(value).get(ClientResponse.class)`, where `value` is the URL submitted in the form, so anyone able to reach the validation endpoint could make the Jenkins controller issue a GET request to an arbitrary address, which is server-side request forgery (SSRF). The patching commit (aec43e3) removes this network call outright and replaces it with a warning that parameterized URLs cannot be checked at configuration time. The CVE description confirms the function's role, noting that in the fixed version 'this form validation method no longer connects to a user provided URL'.
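The before and after pattern described above, as an added illustration rather than code taken from the plugin or its patching commit: the Jersey `Client` call is the one the diff shows, while the `$` heuristic for detecting a parameterized URL, the exact warning text and the http/https scheme restriction are assumptions made for this example.

```java
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import hudson.util.FormValidation;
import org.kohsuke.stapler.QueryParameter;

import java.net.MalformedURLException;
import java.net.URL;

public class URLTriggerValidationExample {

    // BEFORE (vulnerable pattern): the validator fetches whatever URL the caller supplies.
    // Stapler routes a request to this method when the config form asks to validate the
    // "URL" field, so the Jenkins controller itself performs the GET. A caller can point
    // it at internal-only hosts (cloud metadata endpoints, admin consoles, other services
    // on the controller's network) that the caller could not reach directly.
    public FormValidation doCheckURLVulnerable(@QueryParameter String value) {
        if (value == null || value.trim().isEmpty()) {
            return FormValidation.error("URL is required");
        }
        try {
            Client client = Client.create();
            // SSRF: outbound request to a user-controlled destination from the controller.
            ClientResponse response = client.resource(value).get(ClientResponse.class);
            if (response.getStatus() == 200) {
                return FormValidation.ok();
            }
            return FormValidation.error("URL returned HTTP " + response.getStatus());
        } catch (Exception e) {
            // Error text and timing also leak whether the internal host exists.
            return FormValidation.error("Could not connect: " + e.getMessage());
        }
    }

    // AFTER (hardened pattern): validate syntax only and never open a connection from
    // the validator. A parameterized URL cannot be checked at configuration time anyway,
    // because it is only resolved when the trigger runs, so it gets a warning instead
    // of a probe. (The "$" test and the message wording are assumptions of this example.)
    public FormValidation doCheckURL(@QueryParameter String value) {
        if (value == null || value.trim().isEmpty()) {
            return FormValidation.error("URL is required");
        }
        if (value.contains("$")) {
            return FormValidation.warning(
                    "Parameterized URLs are not validated here; the value is resolved at build time.");
        }
        try {
            URL parsed = new URL(value);
            String scheme = parsed.getProtocol();
            // Scheme restriction is an added check, not something the page attributes to the fix.
            if (!"http".equals(scheme) && !"https".equals(scheme)) {
                return FormValidation.error("Only http and https URLs are supported");
            }
        } catch (MalformedURLException e) {
            return FormValidation.error("Malformed URL: " + e.getMessage());
        }
        return FormValidation.ok();
    }
}
```

The practical rule this illustrates is that a `doCheckXxx` form validator should decide whether the input is well formed, not whether the resource behind it is reachable; any reachability test has to run with the job's own credentials at execution time, where the request is expected and auditable, rather than on demand from a configuration form.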
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:urltrigger | maven | <= 0.41 | 0.43 |