The advisory explicitly states two issues: 1) missing permission checks in HTTP endpoints, and 2) no requirement that requests use POST (a CSRF vector). Although exact method names aren't provided, Jenkins plugin vulnerabilities of this type typically manifest in form validation or handler methods (e.g., doTestConnection, doSaveConfig) that process user input without CSRF tokens or HTTP method enforcement. The confidence is high because these patterns are well established in Jenkins CSRF vulnerabilities.
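The pattern described above, shown as an added example that is not the plugin's own code: a Stapler form-validation handler without method enforcement or a permission check, next to the hardened form. The class name, the `endpoint` and `accessKey` parameters and the `connect` helper are hypothetical; the choice of `Jenkins.ADMINISTER` as the required permission is an assumption.

```java
// Added illustration; class, parameter and helper names are hypothetical.
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public class ExampleCloudConfig extends AbstractDescribableImpl<ExampleCloudConfig> {

    @Extension
    public static class DescriptorImpl extends Descriptor<ExampleCloudConfig> {

        // Before: Stapler routes any HTTP verb to a do* method, so a GET from
        // another site reaches this code, and nothing checks the caller's rights.
        public FormValidation doTestConnectionUnsafe(@QueryParameter String endpoint,
                                                     @QueryParameter String accessKey) {
            return connect(endpoint, accessKey);
        }

        // After: @POST makes Stapler reject other verbs, so Jenkins' crumb
        // (CSRF token) check applies to every request that gets this far.
        @POST
        public FormValidation doTestConnection(@QueryParameter String endpoint,
                                               @QueryParameter String accessKey) {
            // Throws AccessDeniedException unless the caller holds the
            // permission (Administer is assumed to be the right one here).
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return connect(endpoint, accessKey);
        }

        // Hypothetical helper standing in for the plugin's connection test.
        private FormValidation connect(String endpoint, String accessKey) {
            if (endpoint == null || endpoint.trim().isEmpty()) {
                return FormValidation.error("Endpoint is required");
            }
            if (accessKey == null || accessKey.isEmpty()) {
                return FormValidation.error("Access key is required");
            }
            // A real plugin would open the outbound connection at this point.
            return FormValidation.ok("Parameters accepted for " + endpoint.trim());
        }
    }
}
```

When reviewing a plugin for this class of issue, check every public `do*` method on descriptors and actions for both a verb annotation (`@POST` or `@RequirePOST`) and a `checkPermission` call before any side effect.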
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:ec2-deployment-dashboard | maven | <= 1.0.10 | |