-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:weblogic-deployer-plugin | maven | <= 4.1 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from form validation methods that 1) don't perform permission checks (allowing Overall/Read users to execute them) and 2) accept non-POST requests (enabling CSRF). In Jenkins plugins, form validation is typically implemented through doCheck* methods in Descriptor classes. The combination of missing permission validation (SECURITY-820) and missing POST requirement (CWE-352) indicates these methods are the vulnerable entry points. The file path is inferred from standard Jenkins plugin structure and WebLogic Deployer naming conventions.
Ongoing coverage of React2Shell