The vulnerability stems from a form validation method in OctopusDeployPlugin.java that handled URL connectivity checks. Jenkins security advisory GHSA-5v2j-w677-j4mp explicitly states this was a form validation method missing two critical security controls:
Jenkins plugin conventions indicate form validation methods follow the 'doCheck[ParameterName]' naming pattern. The URL parameter being validated (likely 'octopusUrl') would make 'doCheckOctopusUrl' the vulnerable method. This matches the advisory's description of the attack vector allowing SSRF through URL connectivity tests. The function would appear in runtime profiling when attackers trigger the vulnerable endpoint to perform SSRF.
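A defender-side check for the endpoint described above, as an added example that is not part of the advisory or the plugin's code: it scans web access logs for calls to Jenkins form validation endpoints whose query parameters carry a URL pointing at localhost or a non-public IP address. The log format, the `example.Plugin` class name and the sample lines are constructed, and `octopusUrl` is the page's own guess at the parameter name.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Stapler serves a doCheckFoo() method at .../descriptorByName/<class>/checkFoo
CHECK_RE = re.compile(
    r'"(GET|POST) (\S*/descriptorByName/[^/\s]+/check[A-Z]\w*\?\S*) HTTP')

def internal_host(value):
    """Return the host when value is a URL aimed at localhost or a non-public IP."""
    try:
        host = urlsplit(value).hostname
    except ValueError:              # malformed bracketed host
        return None
    if not host:
        return None
    if host == "localhost":
        return host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None                 # DNS name: resolving it is out of scope offline
    return host if ip.is_private or ip.is_loopback or ip.is_link_local else None

def flag_lines(lines):
    """Return (http_method, check_method, parameter, host) for each suspicious call."""
    hits = []
    for line in lines:
        m = CHECK_RE.search(line)
        if not m:
            continue
        http_method, target = m.groups()
        parts = urlsplit(target)
        check = parts.path.rsplit("/", 1)[-1]
        for name, value in parse_qsl(parts.query):   # parse_qsl percent-decodes values
            host = internal_host(value)
            if host:
                hits.append((http_method, check, name, host))
    return hits

# Constructed sample lines in combined log format; names are placeholders.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /descriptorByName/example.Plugin/checkOctopusUrl?octopusUrl=http%3A%2F%2F127.0.0.1%3A9000%2F HTTP/1.1" 200 52',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /descriptorByName/example.Plugin/checkOctopusUrl?octopusUrl=https%3A%2F%2Foctopus.example.com HTTP/1.1" 200 48',
    '198.51.100.9 - alice [01/Jan/2024:10:01:00 +0000] "POST /descriptorByName/example.Plugin/checkOctopusUrl?octopusUrl=http%3A%2F%2F10.0.0.5%2Fapi HTTP/1.1" 200 52',
    '198.51.100.9 - alice [01/Jan/2024:10:02:00 +0000] "GET /job/build/ HTTP/1.1" 200 1000',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE):
        print(hit)
```

Parameters sent in a POST body do not reach the access log, so this only sees values passed in the query string.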
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| hudson.plugins.octopusdeploy:octopusdeploy | maven | <= 1.8.1 | 1.9.0 |