CVSS Score
The advisory states that the plugin's form validation URLs neither performed permission checks nor required POST requests. The second point is what makes them vulnerable to cross-site request forgery (CSRF): Jenkins enforces its CSRF crumb only on POST, so an endpoint that answers GET can be triggered by a page in another origin using a logged-in victim's browser. In Jenkins plugins, form validation endpoints are Stapler web methods (typically `doCheck*` methods on a `Descriptor`, often a nested `DescriptorImpl` class) that receive the field value as a query parameter and run inside the controller process. The command execution described in the CVE implies that at least one of these methods invokes an OS command built from that user-controlled value. With no permission check and no POST requirement, any user who can reach Jenkins at all (Overall/Read) can call the endpoint directly, and a CSRF page can make a victim call it; either path executes an attacker-chosen command on the Jenkins controller. The plugin's exact code is not reproduced here, but the standard Jenkins plugin pattern together with the advisory's details make this a high-confidence assessment.
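The following is an added illustration of the vulnerable pattern next to the hardened one; it is not the Sounds plugin's source (which this entry does not reproduce), and the package, class, field and method names, as well as the use of `/bin/sh -c` as the execution primitive, are hypothetical. It uses only public Jenkins and Stapler APIs (`FormValidation`, `@QueryParameter`, `@POST`, `Jenkins.checkPermission`).

```java
package example.sounds; // hypothetical package, not the plugin's

import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

/** Hypothetical describable holding an operator-supplied player command. */
public class PlayerConfig extends AbstractDescribableImpl<PlayerConfig> {
    private final String command;

    @DataBoundConstructor
    public PlayerConfig(String command) { this.command = command; }

    public String getCommand() { return command; }

    @Extension
    public static final class DescriptorImpl extends Descriptor<PlayerConfig> {

        // VULNERABLE pattern (illustrative). Stapler exposes this method as
        //   /descriptorByName/example.sounds.PlayerConfig/checkCommandUnsafe?value=...
        // It answers GET, so Jenkins' CSRF crumb is never enforced, and it checks no
        // permission, so any Overall/Read user, or a victim's browser driven by a
        // third-party page, can make the controller run the supplied text.
        public FormValidation doCheckCommandUnsafe(@QueryParameter String value) {
            try {
                return runCommand(value);
            } catch (IOException | InterruptedException e) {
                return FormValidation.error(e, "Command failed");
            }
        }

        // HARDENED pattern. @POST makes Stapler reject GET requests, which means the
        // request has to carry a valid crumb; checkPermission rejects callers without
        // Overall/Administer with a 403 before any command is executed.
        @POST
        public FormValidation doCheckCommand(@QueryParameter String value) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            if (value == null || value.trim().isEmpty()) {
                return FormValidation.warning("No command configured");
            }
            try {
                return runCommand(value);
            } catch (IOException | InterruptedException e) {
                return FormValidation.error(e, "Command failed");
            }
        }

        // The dangerous primitive: runs caller-supplied text through a shell on the
        // controller. Hypothetical; shown only to make the impact concrete.
        private static FormValidation runCommand(String value)
                throws IOException, InterruptedException {
            Process p = new ProcessBuilder("/bin/sh", "-c", value).start();
            if (!p.waitFor(5, TimeUnit.SECONDS)) {
                p.destroyForcibly();
                return FormValidation.error("Command timed out");
            }
            return p.exitValue() == 0
                    ? FormValidation.ok("Command ran successfully")
                    : FormValidation.error("Command exited with status " + p.exitValue());
        }

        @Override
        public String getDisplayName() { return "Player command"; }
    }
}
```

Both fixes are needed together: a permission check alone still lets a CSRF page reuse an administrator's session over GET, and `@POST` alone still lets any Overall/Read user submit a crumb-bearing POST from within Jenkins. When reviewing a plugin, grep for `doCheck`, `doTest` and `doValidate` methods on descriptors and confirm each one that touches anything sensitive (process execution, credentials, remote calls) carries both `@POST` (or `@RequirePOST`) and an explicit `checkPermission` call.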
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:sounds | maven | < 0.6 | 0.6 |