-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability description explicitly lists ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit as vulnerable endpoints. The GitHub commit 687cc2b confirms the fix involved adding @RequirePOST annotations to these methods, indicating they previously accepted unsafe HTTP methods like GET. CSRF vulnerabilities occur when state-changing actions lack proper request method enforcement and CSRF tokens.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:artifactory | maven | <= 3.2.2 | 3.2.3 |
JavaJavaOngoing coverage of React2Shell