-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing permission checks on HTTP endpoints for load/memory leak generation. Jenkins plugins typically implement these actions as do* methods in Action classes. The advisory specifically mentions these endpoints lacked authorization until v0.4 added Administer requirements. While exact code isn't available, the pattern matches Jenkins' Stapler framework conventions where web-bound methods start with 'do' and require explicit permission annotations which were missing here.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.plugins:chaos-monkey | maven | <= 0.3 | 0.4 |
Ongoing coverage of React2Shell