CVSS Score: -

The vulnerability stems from an HTTP endpoint that handles file deletion operations without requiring POST requests or CSRF protections. Jenkins plugins typically implement such endpoints as 'do[Action]' methods in Java classes (e.g., doDelete). The advisory explicitly states the lack of POST request enforcement (CWE-352), and the file deletion capability aligns with the described attack vector. While the exact code isn't shown, the pattern matches Jenkins plugin architecture and the vulnerability description provides sufficient context for high-confidence identification.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:htmlresource | maven | <= 1.02 | |
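
To audit plugin source for the pattern described above, the following added example (not code from the advisory or the plugin) lists 'do[Action]' web methods that carry neither of Stapler's POST-enforcing annotations, `@RequirePOST` or `@POST`. The Java sample embedded in it is constructed for illustration; its class, method and field names are hypothetical.

```python
import re

# Annotations that make Stapler reject non-POST requests to a web method.
POST_GUARDS = {"RequirePOST", "POST"}

# A Stapler web method: optional annotations, then "public <type> doXxx(".
WEB_METHOD = re.compile(
    r"(?P<annos>(?:@\w+(?:\([^)]*\))?\s+)*)"
    r"public\s+[\w.<>\[\]]+\s+(?P<name>do[A-Z]\w*)\s*\("
)

def unguarded_web_methods(java_source):
    """Return names of do[Action] methods with no POST-enforcing annotation."""
    findings = []
    for m in WEB_METHOD.finditer(java_source):
        annos = set(re.findall(r"@(\w+)", m.group("annos")))
        if not annos & POST_GUARDS:
            findings.append(m.group("name"))
    return findings

# Constructed sample, NOT the htmlresource plugin's source (names hypothetical).
SAMPLE = '''
public class ResourceConfig {
    // Reachable with GET, so a cross-site request can trigger it.
    public HttpResponse doDelete(@QueryParameter String id) {
        store.remove(id);
        return HttpResponses.redirectToDot();
    }

    @RequirePOST
    public HttpResponse doRemove(@QueryParameter String id) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        store.remove(id);
        return HttpResponses.redirectToDot();
    }

    @POST
    public void doUpload(StaplerRequest req, StaplerResponse rsp) {}

    public String getDisplayName() { return "resources"; }
}
'''

if __name__ == "__main__":
    for name in unguarded_web_methods(SAMPLE):
        print("no POST enforcement:", name)
```

A hit is a lead for manual review, not a confirmed finding: a method can also reject non-POST requests inside its body, which this annotation check does not see.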