-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe advisory explicitly mentions a form validation method with two flaws: 1) Missing permission checks allowing attackers with Overall/Read access to abuse it, and 2) Lack of POST requirement enabling CSRF. In Jenkins plugin architecture, connection test functionality is typically implemented via doTestConnection methods in Descriptor classes. The combination of credential handling and form validation context strongly suggests this as the vulnerable entry point.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:ws-execution-manager | maven | <= 10.0.3.503 |
JavaJavaOngoing coverage of React2Shell