-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from HTTP endpoints in the Azure Service Fabric Plugin that handle credential enumeration and service interactions. Jenkins plugins typically implement such endpoints via Stapler framework methods (do* naming convention) in management classes. The advisory explicitly states missing permission checks (CWE-862) and CSRF vulnerabilities in endpoints related to credential enumeration and service connections. The high-confidence entry (doListCredentials) aligns with the credential ID enumeration described, while doTestConnection reflects the CSRF/secondary attack vector mentioned in the Jenkins advisory. The file path is inferred from standard Maven/Java plugin structures and Azure Service Fabric context.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:service-fabric | maven | <= 1.6 |
Ongoing coverage of React2Shell