The vulnerability stemmed from HTTP endpoints accepting GET requests for sensitive actions. The commit adds `@RequirePOST` annotations to these methods and changes form submission methods from GET to POST in Jelly files. The affected functions (`doCheckUrl`, `doSubmit` in multiple classes) handled tag operations and URL connections without POST enforcement, allowing CSRF exploitation. The direct correlation between the patch's security measures and these functions confirms their vulnerability.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cvs | maven | <= 2.15 | 2.16 |
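
The following audit script is an added example, not code from the plugin or its patch: it flags Stapler web methods (public `do*` methods) that carry no POST-enforcing annotation, which is the gap the fix described above closes. The class name `ExampleTagAction` and both Java samples are constructed for illustration, and the line-based matching is a heuristic rather than a Java parser.

```python
import re

# Stapler annotations that reject non-POST requests to a web method.
POST_ANNOTATIONS = {"RequirePOST", "POST"}
# Stapler routes HTTP requests to public methods named doXxx(...).
METHOD_RE = re.compile(r"\bpublic\s+[\w<>\[\], .?]+?\s+(do[A-Z]\w*)\s*\(")
ANNOTATION_RE = re.compile(r"@(\w+)")

def find_unprotected_web_methods(java_source):
    """Return names of do* methods with no POST-enforcing annotation.

    Line-based heuristic: annotations must sit on the declaration line or on
    the annotation-only lines directly above it.
    """
    findings, pending = [], set()
    for line in java_source.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        match = METHOD_RE.search(stripped)
        if match:
            seen = pending | set(ANNOTATION_RE.findall(stripped[:match.start()]))
            if not seen & POST_ANNOTATIONS:
                findings.append(match.group(1))
            pending = set()
        elif stripped.startswith("@"):
            pending.update(ANNOTATION_RE.findall(stripped))
        else:
            pending = set()
    return findings

# Constructed samples (not the plugin's source): the same class before and after.
BEFORE = """
public class ExampleTagAction {
    public FormValidation doCheckUrl(@QueryParameter String value) { return null; }
    public synchronized void doSubmit(StaplerRequest req, StaplerResponse rsp) { }
}
"""
AFTER = """
public class ExampleTagAction {
    @RequirePOST
    public FormValidation doCheckUrl(@QueryParameter String value) { return null; }
    @RequirePOST public synchronized void doSubmit(StaplerRequest req, StaplerResponse rsp) { }
}
"""

if __name__ == "__main__":
    print("before:", find_unprotected_web_methods(BEFORE))
    print("after: ", find_unprotected_web_methods(AFTER))
```

A flagged method is a candidate for review, not a confirmed finding: read-only `do*` endpoints can legitimately accept GET, and the matching Jelly form must also submit with POST once the annotation is added.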