The vulnerability stems from a missing CSRF protection mechanism in the connection test method. The commit diff shows the addition of `@RequirePOST` to the `doTestDynatraceConnection` method, indicating it previously accepted non-POST requests. This allowed attackers to forge requests and manipulate Dynatrace server connections. The advisory explicitly references this as the CSRF vector, and the patch directly addresses it by enforcing POST requests.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:dynatrace-dashboard | maven | < 2.1.4 | 2.1.4 |
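
The following is an added example, not the plugin's own code: a heuristic Python audit that flags public Stapler `do*` web methods declared without `@RequirePOST` (or `@POST`), run over constructed before/after Java snippets. Only the method name `doTestDynatraceConnection` and the `@RequirePOST` annotation come from this page; the class name, method bodies and the `unprotected_web_methods` helper are assumptions.

```python
import re

# Constructed samples: a hypothetical descriptor before and after the fix.
# Only the method name and @RequirePOST are taken from the advisory text.
BEFORE = '''
public class Descriptor {
    public FormValidation doTestDynatraceConnection(@QueryParameter String host) {
        return FormValidation.ok();
    }
}
'''
AFTER = '''
public class Descriptor {
    @RequirePOST
    public FormValidation doTestDynatraceConnection(@QueryParameter String host) {
        return FormValidation.ok();
    }
}
'''

# Annotations that make Stapler reject non-POST requests.
POST_ONLY = {"RequirePOST", "POST"}

# Optional annotation lines directly above, then "public <type> doXxx(".
METHOD = re.compile(
    r'(?P<annos>(?:^[ \t]*@[\w.]+(?:\([^)]*\))?[ \t]*\n)*)'
    r'^[ \t]*public\s+[\w.<>\[\]]+\s+(?P<name>do[A-Z]\w*)\s*\(',
    re.MULTILINE,
)

def unprotected_web_methods(java_source):
    """Return names of public do* methods with no POST-only annotation.

    Heuristic only: it reads method-level annotations on their own lines,
    so every finding still needs manual review.
    """
    findings = []
    for m in METHOD.finditer(java_source):
        # Strip package prefixes so fully qualified annotations also count.
        annos = {a.split(".")[-1] for a in re.findall(r'@([\w.]+)', m.group("annos"))}
        if not annos & POST_ONLY:
            findings.append(m.group("name"))
    return findings

if __name__ == "__main__":
    print("before:", unprotected_web_methods(BEFORE))
    print("after: ", unprotected_web_methods(AFTER))
```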