| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cloudbees-folder | maven | < 6.848.ve3b | 6.848.ve3b |

The vulnerability stems from an HTTP endpoint that accepted GET requests for the view copy operation. Jenkins typically implements such actions as `do[Action]` methods in controller classes. The Folders Plugin's patch added a POST requirement, which in Jenkins is typically implemented with the `@RequirePOST` annotation. The `Folder` class's `doCopyView` method would be the logical handler for view copy operations; its pre-patch version, lacking HTTP method enforcement, is what would appear in profiler traces when CSRF exploitation occurs.
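
As an added example (not code from the plugin or from this advisory), the following Python audit lists `do[Action]` methods in Java source that carry no POST-enforcing annotation, which is the pattern described above. The Java sample is constructed; `SampleFolder` and every method in it other than the `doCopyView` name are hypothetical, and treating Stapler's `@POST` as equivalent to `@RequirePOST` is an assumption of this check.

```python
import re

# Annotations that make the handler reject non-POST requests.
POST_GUARDS = {"RequirePOST", "POST"}

# Optional leading annotations, then "public <type> doXxx(".
METHOD_RE = re.compile(
    r"(?P<annos>(?:@[\w.]+(?:\([^)]*\))?\s+)*)"
    r"public\s+[\w<>\[\], ?]+\s+(?P<name>do[A-Z]\w*)\s*\("
)

def unguarded_actions(java_source):
    """Return do[Action] method names declared without a POST guard."""
    findings = []
    for m in METHOD_RE.finditer(java_source):
        # Reduce fully qualified annotation names to their simple name.
        annos = {a.split(".")[-1] for a in re.findall(r"@([\w.]+)", m.group("annos"))}
        if not annos & POST_GUARDS:
            findings.append(m.group("name"))
    return findings

# Constructed sample, not the plugin's real source.
SAMPLE_JAVA = """
public class SampleFolder {
    // pre-patch shape: no HTTP method enforcement
    public void doCopyView(StaplerRequest req, StaplerResponse rsp) { }

    @RequirePOST
    public void doCreateView(StaplerRequest req, StaplerResponse rsp) { }

    @Restricted(NoExternalUse.class)
    @POST
    public HttpResponse doReload() { return null; }

    // read-only validation helper: flagged, needs manual triage
    public FormValidation doCheckName(@QueryParameter String value) { return null; }
}
"""

if __name__ == "__main__":
    for name in unguarded_actions(SAMPLE_JAVA):
        print("no POST guard:", name)
```

The check only looks at annotations, so every hit still needs triage: a handler that changes state is a CSRF candidate, while a read-only one may legitimately accept GET.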