| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:ec2-deployment-dashboard | maven | <= 1.0.10 | |

The vulnerability stems from missing CSRF protection on a job-copying endpoint. Jenkins plugins typically expose HTTP endpoints through handler methods whose names start with do (e.g., doCopyJob). The advisory explicitly states that the endpoint does not require POST requests, which in Jenkins' Stapler framework would mean the handler method lacks the @RequirePOST annotation or equivalent protection. While exact method names aren't visible without the code, the pattern matches Jenkins' convention for form submission handlers. The high confidence comes from the direct correlation between the described vulnerability (CSRF via a missing POST requirement) and Jenkins plugin development patterns.
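To audit a plugin for the pattern described above, the following added example (not code from the plugin or the advisory) flags public Stapler handler methods that carry neither @RequirePOST nor @POST. The Java sample is constructed for illustration, its class and method names are hypothetical, and the scan is a line-based heuristic, not a Java parser.

```python
import re

# Annotations that make Stapler reject non-POST requests:
# org.kohsuke.stapler.interceptor.RequirePOST and org.kohsuke.stapler.verb.POST
POST_ONLY = {"RequirePOST", "POST"}
METHOD = re.compile(r"\bpublic\s+[\w<>\[\],.? ]+?\s+(do[A-Z]\w*)\s*\(")
ANNOTATION = re.compile(r"^\s*@(\w+)")

# Constructed sample, NOT the plugin's real source; all names are hypothetical.
SAMPLE_JAVA = """\
public class DashboardAction {
    public HttpResponse doCopyJob(@QueryParameter String from, @QueryParameter String to) {
        return copy(from, to);
    }

    @RequirePOST
    public HttpResponse doDeleteJob(@QueryParameter String name) {
        return delete(name);
    }

    @POST
    public void doConfigSubmit(StaplerRequest req) {
        save(req);
    }
}
"""

def find_unprotected_handlers(java_source):
    """Return [(line_no, method_name)] for public do* methods with no POST-only annotation."""
    findings, pending = [], set()
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        method = METHOD.search(line)
        annotation = ANNOTATION.match(line)
        if method:
            # Count annotations written on the declaration line before the method name,
            # but not parameter annotations such as @QueryParameter.
            inline = set(re.findall(r"@(\w+)", line[:method.start(1)]))
            if not (pending | inline) & POST_ONLY:
                findings.append((line_no, method.group(1)))
            pending = set()
        elif annotation:
            pending.add(annotation.group(1))  # annotation line above a declaration
        elif line.strip() and not line.strip().startswith(("//", "/*", "*")):
            pending = set()  # any other code line ends the annotation run

    return findings

if __name__ == "__main__":
    for line_no, name in find_unprotected_handlers(SAMPLE_JAVA):
        print(f"line {line_no}: {name} accepts non-POST requests")
```

A hit is a lead for manual review: whether a flagged handler is exploitable still depends on whether it changes state.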