The vulnerability stems from form validation methods that (1) do not enforce POST requests, which makes them a CSRF vector, and (2) lack permission checks, which lets users with only Overall/Read permission trigger them. Following Jenkins plugin conventions, these would be doCheck*/doTest* methods in the DescriptorImpl class. The path-checking and connection-testing functionality maps directly to the described attack vectors (file existence probing and connection tests). The exact code isn't available, but Jenkins security best practices and the advisory details strongly suggest these methods as the vulnerable entry points.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:websphere-deployer | maven | <= 1.6.1 | |