Java| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:lucene-search | maven | <= 387.v938a |
| 398.v3dfa_cb_223984 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from an endpoint accepting non-POST requests for a sensitive action (database reindexing). The fix in commit 828f79f adds @RequirePOST annotation to this handler, confirming it was previously vulnerable. The function's purpose (rebuildDatabase) and the CVE description about missing POST validation directly correlate.
KEV Misses 88% of Exploited CVEs- Get the report
