-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.481, < 1.502 | 1.502 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.480.3 | 1.480.3 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing permission checks in two critical areas: 1) The BuildTrigger's configuration validation (doCheck) allowed users to specify downstream projects without BUILD permissions. 2) The project configuration submission logic (submit) failed to enforce these checks during actual save operations. The patches explicitly added BUILD permission checks in both locations, confirming these were the vulnerable points. The commit diff and CVE description align perfectly with these missing authorization controls.