-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from two key issues: 1) Missing permission checks in HTTP endpoints, and 2) Lack of CSRF protection (no POST requirement). While exact function names/paths aren't disclosed in advisories, Jenkins plugin architecture typically implements such functionality via servlet endpoints with 'do[Action]' methods (e.g., doStartBuild). The advisory explicitly states these endpoints allow state-changing actions (build triggers/reconfiguration) without CSRF tokens or POST validation, making the request handlers inherently vulnerable. Confidence is high because the vulnerability pattern matches Jenkins' CSRF protection requirements and the advisory's technical description.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.barchart.jenkins:maven-release-cascade | maven | <= 1.3.2 |