The advisory states that the vulnerability stems from a form validation endpoint that executes Groovy scripts without CSRF protection. Jenkins plugin form validation methods conventionally follow the `doCheck[FieldName]` naming pattern (for example, `doCheckGroovyScript`) and implement the parameter validation logic. A method of this kind that neither requires POST (in Jenkins, the `@RequirePOST` annotation on the web method, which makes Stapler reject GET requests and brings the request under the CSRF crumb check) nor validates a CSRF token matches the described attack vector, in which an administrator's privileges allow arbitrary code execution via crafted requests.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:autocomplete-parameter | maven | <= 1.1 | |