The commit diff shows that these Stapler endpoints were modified to add (1) `checkPermissionForRemoteRequests()` calls that verify `Item.CONFIGURE` or `ADMINISTER` permission, and (2) `@POST` annotations that enforce HTTP method constraints. The original vulnerability description explicitly mentions endpoints lacking both permission checks and CSRF protection. The three handler methods perform sensitive operations (URL validation, certificate checks, project enumeration) that match the attack scenario described.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:codedx | maven | < 4.0.0 | 4.0.0 |
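
The two protections named in the analysis above can be checked for in plugin source during review. The following is an added example, not code from the plugin or its fix: it scans Java text for Stapler `do<Name>` handlers and reports which ones lack a POST-only annotation or a permission call (any `checkPermission...(` or `hasPermission(`); the sample class and its method names are constructed for illustration.

```python
import re

# Stapler exposes public do<Name>(...) methods as web endpoints.
METHOD = re.compile(r"public\s+[\w<>\[\],.? ]+?\s+(do[A-Z]\w*)\s*\(")
POST_ANNOTATIONS = ("@POST", "@RequirePOST")
PERMISSION_CALLS = re.compile(r"\b(checkPermission\w*|hasPermission)\s*\(")
# Constructed sample, not the plugin's source: method names are hypothetical.
SAMPLE = """
public class DescriptorImpl {
    public FormValidation doCheckUrl(@QueryParameter String value) {
        return probe(value);
    }
    @POST
    public ListBoxModel doFillProjectItems(@AncestorInPath Item item) {
        item.checkPermission(Item.CONFIGURE);
        return list(item);
    }
}
"""

def _matching(text, start, open_ch, close_ch):
    """Return the index just past the delimiter that closes text[start]."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == open_ch:
            depth += 1
        elif text[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i + 1
    raise ValueError("unbalanced " + open_ch)

def audit(java_source):
    """Map each Stapler web method name to the protections it lacks."""
    findings = {}
    for m in METHOD.finditer(java_source):
        params_end = _matching(java_source, m.end() - 1, "(", ")")
        body_start = java_source.index("{", params_end)
        body = java_source[body_start:_matching(java_source, body_start, "{", "}")]
        # Annotations sit between the previous '{', '}' or ';' and 'public'.
        cut = max(java_source.rfind(c, 0, m.start()) for c in "{};")
        header = java_source[cut + 1:m.start()]
        missing = []
        if not any(a in header for a in POST_ANNOTATIONS):
            missing.append("POST-only annotation")
        if not PERMISSION_CALLS.search(body):
            missing.append("permission check")
        findings[m.group(1)] = missing
    return findings
```

This is a text heuristic rather than a Java parser, so a clean result is a prompt for manual review, not proof that a handler is protected.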