The vulnerability stems from missing CSRF protections on specific admin endpoints. The GitHub diff shows:

1. CSRF tokens were added to forms in JSP files, indicating they were previously missing.
2. Spring Security configuration was updated to explicitly protect these POST endpoints.

These changes directly correlate with the CWE-352 (CSRF) vulnerability description, confirming the unprotected endpoints were the attack surface.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.opennms:opennms-webapp | maven | < 31.0.6 | 31.0.6 |