The vulnerability stems from missing permission checks in form validation methods. Jenkins plugins typically implement form validation via `doCheck*` methods in Descriptor classes. The advisory explicitly states that the vulnerability occurs in 'methods implementing form validation', which matches this pattern. The descriptor class would handle configuration validation for SSH key paths and deployment targets, which explains both the file existence checks and the unauthorized uploads. While exact method names aren't provided, the architectural pattern and the vulnerability description strongly indicate that the descriptor's validation methods are the root cause.
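The pattern described above, shown as an added example rather than code from the openshift-deployer plugin: a `doCheck*` method without a permission check next to a hardened variant. The class, field and method names are hypothetical (the unchecked variant carries an `Unchecked` suffix only so both compile in one class), and the code assumes Jenkins core on the classpath, as in any plugin build.

```java
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.util.FormValidation;
import java.io.File;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical plugin class: all names here are illustrative assumptions,
// not identifiers from openshift-deployer.
public class ExampleDeployer extends AbstractDescribableImpl<ExampleDeployer> {

    @Extension
    public static class DescriptorImpl extends Descriptor<ExampleDeployer> {

        // BEFORE (vulnerable pattern): Stapler exposes public doCheck* methods
        // over HTTP. With no permission check, any caller able to reach the
        // endpoint learns whether a path exists on the Jenkins server.
        public FormValidation doCheckKeyPathUnchecked(@QueryParameter String value) {
            return validateKeyPath(value);
        }

        // AFTER (hardened): require Configure on the enclosing item, or
        // Administer when there is no item context. checkPermission throws
        // before the file system is touched.
        public FormValidation doCheckKeyPath(@AncestorInPath Item item,
                                             @QueryParameter String value) {
            if (item != null) {
                item.checkPermission(Item.CONFIGURE);
            } else {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            }
            return validateKeyPath(value);
        }

        // Shared validation logic; it reads the file system, so callers must be authorized.
        private FormValidation validateKeyPath(String value) {
            if (value == null || value.trim().isEmpty()) {
                return FormValidation.warning("No key path set");
            }
            return new File(value).isFile()
                    ? FormValidation.ok()
                    : FormValidation.error("Key file not found");
        }
    }
}
```

When auditing a plugin for this class of issue, list every public `doCheck*`, `doFill*` and `doTest*` method on its descriptors and confirm that each one calls `checkPermission` before doing any work.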
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:openshift-deployer | maven | <= 1.2.0 | |