CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.blueocean:blueocean | maven | < 1.27.5.1 | 1.27.5.1 |
The vulnerability has two causes: (1) the state-changing SCM connection endpoint did not require POST, so it could be invoked with a GET request, and (2) the endpoint took the target URL from a user-provided request parameter instead of the configured SCM URL. The first weakness is the endpoint handler running without HTTP method validation (GET accepted where POST should be required); the second is the handler reading the target URL from untrusted input. Both code paths would appear in stack traces of requests that process a malicious CSRF attempt to redirect the SCM connection.
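The two weaknesses above, and the fix pattern for each, as an added illustration in the style of a Jenkins/Stapler web method. This is example code written for this page, not the Blue Ocean plugin's own code: the class, method and field names and the `ScmClient` stand-in are hypothetical, while `@RequirePOST`, `@QueryParameter`, `FormValidation` and `Item.CONFIGURE` are real Jenkins/Stapler APIs.

```java
// Illustrative Jenkins/Stapler endpoint: added example, not the Blue Ocean plugin's code.
// Hypothetical: ScmConnectionEndpoint, configuredScmUrl, doConnect*, ScmClient.
// Real APIs: org.kohsuke.stapler.interceptor.RequirePOST, org.kohsuke.stapler.QueryParameter,
//            hudson.util.FormValidation, hudson.model.Item.CONFIGURE.
import hudson.model.Item;
import hudson.util.FormValidation;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ScmConnectionEndpoint {

    private final Item item;
    private final String configuredScmUrl; // hypothetical: SCM URL saved in the job configuration

    public ScmConnectionEndpoint(Item item, String configuredScmUrl) {
        this.item = item;
        this.configuredScmUrl = configuredScmUrl;
    }

    // VULNERABLE pattern, showing both weaknesses the advisory describes:
    //  - no @RequirePOST, so the endpoint is reachable by a plain GET, which a cross-site
    //    page can cause a logged-in user's browser to send
    //  - the connection target comes from the request, not from stored configuration
    public FormValidation doConnectVulnerable(@QueryParameter String url) {
        ScmClient.connect(url);   // state change driven by an untrusted parameter
        return FormValidation.ok();
    }

    // HARDENED pattern:
    //  - @RequirePOST rejects non-POST requests; Jenkins's CSRF crumb check then applies
    //    to the POST before the method body runs
    //  - any request-supplied URL is ignored; only the configured SCM URL is used
    //  - the caller must hold CONFIGURE on the item
    @RequirePOST
    public FormValidation doConnect() {
        item.checkPermission(Item.CONFIGURE);
        ScmClient.connect(configuredScmUrl);
        return FormValidation.ok();
    }

    // Stand-in for the real SCM client (hypothetical); opens a connection to the given URL.
    static final class ScmClient {
        static void connect(String url) {
            // real code would open the SCM connection here
        }
    }
}
```

The two fixes are independent: requiring POST blocks the cross-site trigger, and using the configured URL removes the ability of any request, forged or not, to choose where the connection goes. A reviewer checking a Jenkins plugin for this class of bug looks for `do*` web methods that change state without `@RequirePOST` and for `@QueryParameter` values that flow into network calls.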