CVSS Score: -
Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability description explicitly identifies XLTestView.XLTestDescriptor#doTestConnection as the vulnerable function. Key indicators: 1) A missing permission check allows users with only Overall/Read access to use credentials they are not authorized for. 2) The absence of a POST-only requirement on the endpoint makes it reachable via CSRF. 3) The function performs a connection test against an externally supplied URL using credentials stored in Jenkins, which is the credential capture vector. Because all three factors meet in a single entry point, this function is the clear source of the vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.xebialabs.xlt.ci:xltestview-plugin | maven | <= 1.2.0 | - |