The vulnerability lies in HTTP endpoint handlers that lacked two protections: (1) a POST-only requirement, which is what lets Jenkins' CSRF protection apply, and (2) permission checks. The patches add `@POST` annotations and `@AncestorInPath` parameters, and perform permission validation against the resolved item. In the vulnerable versions, the affected handler methods (the `doFill*Items` methods) process requests without either protection. All modified methods in the `OctoPerfTestStep$DescriptorImpl` and `OctoperfBuilderDescriptor` classes correspond directly to the endpoints described in the CVE; they populate credential, workspace, project and scenario selection lists without sufficient authorization.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkinsci.plugins:octoperf | maven | < 4.5.3 | 4.5.3 |
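As an added illustration, not code from the OctoPerf plugin or from this advisory, the hypothetical Jenkins build-step descriptor below shows a `doFill*Items` handler in the unprotected shape the advisory describes, next to the hardened shape produced by the patch pattern (`@POST`, `@AncestorInPath`, permission check). The class, method and parameter names (`ExampleDescriptor`, `lookupWorkspaces`, `workspaceId`) are assumptions made for this example; the Jenkins and Stapler APIs used (`@POST`, `@AncestorInPath`, `Item.CONFIGURE`, `Jenkins.ADMINISTER`, `ListBoxModel`) are real.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.util.Collections;
import java.util.List;

// Hypothetical descriptor constructed for this example; not the plugin's own class.
@Extension
public class ExampleDescriptor extends BuildStepDescriptor<Builder> {

    @Override
    public boolean isApplicable(Class<? extends AbstractProject> jobType) {
        return true;
    }

    // BEFORE (the pattern the advisory describes), kept here only for comparison.
    // Stapler exposes any public do* method as a URL, for any HTTP method, and
    // nothing here asks who the caller is. A GET from any user with Overall/Read,
    // or a request riding a logged-in victim's browser session, triggers the
    // remote lookup with the credential named in the query string.
    public ListBoxModel doFillWorkspaceIdItemsUnprotected(@QueryParameter String credentialsId) {
        ListBoxModel items = new ListBoxModel();
        for (String ws : lookupWorkspaces(credentialsId)) {
            items.add(ws);
        }
        return items;
    }

    // AFTER: @POST rejects GET and makes Jenkins' crumb-based CSRF protection
    // apply; @AncestorInPath Item resolves the job whose config form issued the
    // request, so the permission check is scoped to that job, or to the global
    // configuration when no job is in the URL path.
    @POST
    public ListBoxModel doFillWorkspaceIdItems(@AncestorInPath Item item,
                                               @QueryParameter String credentialsId) {
        ListBoxModel items = new ListBoxModel();
        if (item == null) {
            // Global configuration page: require Overall/Administer.
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return items; // empty list; no remote call is made
            }
        } else if (!item.hasPermission(Item.CONFIGURE)) {
            // Job configuration page: require Job/Configure on this job.
            return items;
        }
        for (String ws : lookupWorkspaces(credentialsId)) {
            items.add(ws);
        }
        return items;
    }

    // Placeholder for the plugin's remote API lookup (constructed for this example).
    private static List<String> lookupWorkspaces(String credentialsId) {
        return Collections.emptyList();
    }
}
```

Returning an empty model rather than throwing keeps the UI quiet for users who lack the permission; `item.checkPermission(Item.CONFIGURE)` is the alternative when an explicit access-denied error is preferred. The same two changes apply to every `doFill*Items` method that reaches out to a remote service with a selected credential.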