-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability centers on a missing authorization check in a form validation endpoint. Multiple authoritative sources (NVD, Jenkins advisory) explicitly reference Configuration#doTestConnection as the vulnerable method. This would be the entry point for connection tests that lacked proper permission validation and CSRF protection. The function name follows Java convention for Jenkins plugin classes, with 'doTestConnection' being the HTTP endpoint handler method for form validation actions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:electricflow | maven | <= 1.1.6 | 1.1.7 |
JavaJava