-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe CVE description and Jenkins advisory explicitly state the vulnerability stems from missing CSRF protection (POST requirement) on an endpoint that accepts pending requests. In Jenkins plugin architecture, such actions are typically handled by 'doX' methods in controller classes. The lack of POST enforcement implies the handler method (e.g., doAccept) does not validate the request method or CSRF token, making it vulnerable to forged GET/POST requests from malicious sites.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:rrod | maven | <= 1.1.0 |
JavaJavaOngoing coverage of React2Shell