The commit diff shows that the vulnerable method was modified to add the `@POST` annotation and permission checks. The advisory explicitly states that this form validation method (`doTestConnection`) was the attack vector. The function's pre-patch behavior matches the CWE-862 (Missing Authorization) description, as it allowed low-privileged users to trigger sensitive actions.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:slack | maven | <= 2.19 | 2.20 |