The vulnerability stems from a form validation method that (1) lacked permission checks, so any user with Overall/Read permission could invoke it, and (2) did not require POST requests, making it reachable through cross-site request forgery (CSRF). Jenkins plugins typically implement form validation as doCheck* methods in Descriptor classes. The advisory specifically mentions 'a method implementing form validation' related to server connectivity and credential submission, which matches the pattern of URL validation methods in Jenkins builders. The patched version added a POST requirement and an administrator permission check, confirming that this method was the attack vector.
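As an added illustration that is not the plugin's own code, here is the doCheck* pattern from the paragraph above in its vulnerable form beside the hardened form the fix describes; ExampleBuilder, DescriptorImpl, doCheckServerUrl and the validation body are hypothetical.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;
import java.net.MalformedURLException;
import java.net.URL;

// Hypothetical builder; only the Descriptor's form-validation methods matter here.
public class ExampleBuilder extends Builder {
    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        // BEFORE (the vulnerable pattern): no HTTP verb restriction and no permission check,
        // so any Overall/Read user, or a victim of a CSRF page, can invoke it with a plain GET.
        public FormValidation doCheckServerUrlBefore(@QueryParameter String serverUrl) {
            return validateServerUrl(serverUrl);
        }

        // AFTER (what the fix adds): @POST rejects GET, which defeats CSRF, and the explicit
        // Overall/Administer check stops low-privilege users from driving the connectivity test.
        @POST
        public FormValidation doCheckServerUrl(@QueryParameter String serverUrl) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return validateServerUrl(serverUrl);
        }

        // Shared syntactic validation. A real plugin would go on to contact the server with
        // the submitted credentials, which is exactly why only an administrator may call it.
        private static FormValidation validateServerUrl(String serverUrl) {
            if (serverUrl == null || serverUrl.trim().isEmpty()) {
                return FormValidation.error("Server URL is required");
            }
            try {
                URL url = new URL(serverUrl.trim());
                return "https".equals(url.getProtocol())
                        ? FormValidation.ok()
                        : FormValidation.warning("Use an https:// URL");
            } catch (MalformedURLException e) {
                return FormValidation.error("Invalid URL: " + e.getMessage());
            }
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }
    }
}
```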
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.rapid7:jenkinsci-appspider-plugin | maven | <= 1.0.15 | 1.0.16 |