CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability centers on a form validation method that tests a JDBC URL and credentials by opening a database connection from the Jenkins controller. The method failed to: 1) perform a permission check, so any user who could reach the form could make Jenkins connect to a JDBC URL with credentials of their choosing (CWE-285/CWE-862, missing authorization), and 2) require POST requests, so the same action could also be triggered cross-site (CWE-352, CSRF). Jenkins descriptors expose form validation through `doCheck<Field>` methods for per-field checks and `doValidate...`/`doTest...`-style methods behind explicit "test connection" buttons; Stapler routes them by name, and unless they are annotated with `@POST`/`@RequirePOST` they answer GET requests. The advisory states that the fixed version added POST enforcement and a permission check to "the affected form validation method"; it does not name the method, but this strongly indicates a JDBC validation method on the plugin's global configuration descriptor class (GlobalPipelineMavenConfig$DescriptorImpl).
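The following is an added example, not the plugin's own code, showing the pattern the advisory describes and the two controls the fix added. The class, method and field names (JdbcValidationExample, doValidateJdbcConnection, jdbcUrl, username, password) are hypothetical; the Jenkins and Stapler APIs used (GlobalConfiguration, FormValidation, @QueryParameter, @POST, Jenkins.checkPermission) are the real ones a plugin descriptor would use.

```java
// Added example (not the plugin's own code): a Jenkins global-configuration
// descriptor with a "test JDBC connection" form validation method, shown first
// in the shape the advisory describes (no permission check, GET accepted) and
// then hardened. Class, method and field names are hypothetical.
import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class JdbcValidationExample {

    /**
     * Vulnerable pattern, shown for contrast only (deliberately not @Extension
     * so it is never registered). Stapler maps the method to
     * .../descriptorByName/<FQCN>/validateJdbcConnection and, with no verb
     * annotation, serves it on GET.
     */
    public static class VulnerableDescriptor extends GlobalConfiguration {
        public FormValidation doValidateJdbcConnection(@QueryParameter String jdbcUrl,
                                                       @QueryParameter String username,
                                                       @QueryParameter String password) {
            // No checkPermission(): any caller who can reach the URL makes the
            // controller open a connection to a host and with credentials they
            // chose (an SSRF primitive); GET being accepted makes it CSRF-able too.
            try (Connection c = DriverManager.getConnection(jdbcUrl, username, password)) {
                return FormValidation.ok("Connected to "
                        + c.getMetaData().getDatabaseProductName());
            } catch (SQLException e) {
                return FormValidation.error(e, "Connection failed");
            }
        }
    }

    /** Hardened pattern: the two controls the advisory says the fix added. */
    @Extension
    public static class HardenedDescriptor extends GlobalConfiguration {
        @POST // CSRF: GET is refused; a POST must carry the Jenkins crumb
        public FormValidation doValidateJdbcConnection(@QueryParameter String jdbcUrl,
                                                       @QueryParameter String username,
                                                       @QueryParameter String password) {
            // Authorization: global configuration is an administrator-only
            // surface, so check the permission before doing any work.
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            try (Connection c = DriverManager.getConnection(jdbcUrl, username, password)) {
                return FormValidation.ok("Connected to "
                        + c.getMetaData().getDatabaseProductName());
            } catch (SQLException e) {
                return FormValidation.error(e, "Connection failed");
            }
        }
    }
}
```

To check a deployed plugin for this class of bug, request the descriptor's validation URL (`/descriptorByName/<fully qualified descriptor class>/<method name without the do prefix>`) as a low-privilege user: a GET should be refused, and a POST from a non-administrator should be rejected before any outbound connection is attempted. Note that the permission check must come before the `DriverManager.getConnection` call; checking it afterwards would still leak the connection attempt and any error text.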
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:pipeline-maven | maven | < 3.8.3 | 3.8.3 |