-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from an unauthenticated HTTP endpoint that accepts a file name parameter without restricting path traversal characters. The plugin's failure to validate/sanitize this parameter allows attackers to escape the intended directory and read .xml files. While the exact function name isn't provided in advisories, Jenkins plugins typically implement HTTP endpoints via servlet classes with methods like doGet/doPost. The confidence is high because the advisory explicitly states the lack of parameter validation in an HTTP endpoint as the root cause.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:config-rotator | maven | <= 2.0.1 |
Ongoing coverage of React2Shell