The vulnerability stems from missing user existence checks during API token validation. The patch adds a call to loadUserByUsername() within the token authentication flow in ApiTokenFilter.java. The pre-patch version of doFilter() contained the token validation logic (lines 41-46 in the diff) but lacked the user existence verification that the patch adds in lines 45-59. doFilter() is the function directly responsible for processing API token authentication, and before the patch it was missing this critical user status check.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.533, < 1.551 | 1.551 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.532.2 | 1.532.2 |
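
The missing check described above, as an added example that is not Jenkins source code or part of the original advisory: a simplified model of a token filter before and after a loadUserByUsername()-style lookup is added. UserDirectory, TOKENS, tokenMatches and both authenticate methods are hypothetical names, and the sketch assumes the token record is stored separately from the account and can outlive it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Simplified model of an API-token filter; NOT Jenkins source code.
// All class and method names here are hypothetical, except that
// loadUserByUsername() mirrors the call named in the advisory.
public class ApiTokenCheckDemo {
    /** Stand-in for the security realm: the accounts that currently exist. */
    static class UserDirectory {
        private final Set<String> active = new HashSet<>();
        void add(String u) { active.add(u); }
        void remove(String u) { active.remove(u); }
        /** Throws if the realm no longer knows the account. */
        void loadUserByUsername(String u) {
            if (!active.contains(u)) throw new NoSuchElementException("unknown user: " + u);
        }
    }

    /** Token records live outside the realm (assumption), so they can go stale. */
    static final Map<String, String> TOKENS = new HashMap<>();

    /** Constant-time comparison of the presented token with the stored one. */
    static boolean tokenMatches(String user, String token) {
        String expected = TOKENS.get(user);
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
    }

    // Pre-patch shape: a matching token alone is treated as authentication.
    static boolean authenticateUnpatched(UserDirectory dir, String user, String token) {
        return tokenMatches(user, token);
    }

    // Patched shape: the token must match AND the realm must still know the user.
    static boolean authenticatePatched(UserDirectory dir, String user, String token) {
        if (!tokenMatches(user, token)) return false;
        try { dir.loadUserByUsername(user); return true; }
        catch (NoSuchElementException e) { return false; }
    }

    public static void main(String[] args) {
        UserDirectory dir = new UserDirectory();
        dir.add("alice");                                  // constructed sample account
        TOKENS.put("alice", "constructed-sample-token");   // constructed sample token
        dir.remove("alice");                               // account removed, token record left behind
        String t = "constructed-sample-token";
        System.out.println("unpatched accepts: " + authenticateUnpatched(dir, "alice", t));
        System.out.println("patched accepts:   " + authenticatePatched(dir, "alice", t));
    }
}
```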