| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jvnet.hudson.plugins:monitoring | maven | < 1.53.0 | 1.53.0 |
The commit diff shows that the access control check originally used an exact URI comparison, requestURI.equals(monitoringSlavesUrl), which matched only the nodes page itself and none of its subpaths. Pages served below that path were therefore reachable without the admin permission the check was meant to enforce; the advisory does not specify which pages. The fix changes the comparison to 'startsWith', so every request whose URI begins with the nodes URL now requires admin permission.

Separately, the original code did not validate request parameters before reflecting them into its responses, which allowed reflected XSS. The patch adds parameter validation to address this.
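The following Java class is an added illustration of the two checks discussed above; it is not the plugin's own code and does not reproduce the commit. It assumes the gated URL is "/monitoring/nodes" (the page only says the pages live under the nodes path), and the parameter allow-list pattern and the htmlEscape helper are assumptions chosen to show the validation idea, not what the patch actually does. The main method prints how the exact-match and prefix-match gates classify a few constructed request URIs, and how a hostile parameter value fares against the validation.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Illustrative model of the two fixes: the URI-based admin gate and
 * request-parameter validation. Not the plugin's code.
 */
public final class MonitoringAccessCheck {

    // Assumed value of the gated URL; the advisory only says "under /nodes".
    private static final String MONITORING_SLAVES_URL = "/monitoring/nodes";

    // Assumed allow-list for parameter values that the report pages echo back.
    private static final Pattern SAFE_PARAM = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    private MonitoringAccessCheck() {}

    /** Pre-fix gate: exact comparison, so "/monitoring/nodes/anything" is not gated. */
    public static boolean requiresAdminBefore(String requestURI) {
        return requestURI.equals(MONITORING_SLAVES_URL);
    }

    /** Post-fix gate: prefix comparison, so every subpath of the nodes URL is gated. */
    public static boolean requiresAdminAfter(String requestURI) {
        return requestURI.startsWith(MONITORING_SLAVES_URL);
    }

    /** Illustrative validation: accept only values that cannot carry markup. */
    public static boolean isSafeParameter(String value) {
        return value != null && SAFE_PARAM.matcher(value).matches();
    }

    /** Minimal HTML escaping for anything that must be echoed despite failing validation. */
    public static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed request URIs; a servlet's getRequestURI() carries no query string.
        List<String> uris = Arrays.asList(
            "/monitoring/nodes",
            "/monitoring/nodes/",
            "/monitoring/nodes/threads",
            "/monitoring/nodes/jvm",
            "/monitoring");
        System.out.printf("%-30s %-8s %-10s%n", "requestURI", "equals", "startsWith");
        for (String uri : uris) {
            System.out.printf("%-30s %-8b %-10b%n", uri, requiresAdminBefore(uri), requiresAdminAfter(uri));
        }

        // Constructed parameter values: one benign, one carrying a script tag.
        String benign = "heaphisto";
        String hostile = "<script>alert(1)</script>";
        System.out.println("isSafeParameter(benign)  = " + isSafeParameter(benign));
        System.out.println("isSafeParameter(hostile) = " + isSafeParameter(hostile));
        System.out.println("escaped hostile value    = " + htmlEscape(hostile));
    }
}
```

Only the first URI passes the 'equals' gate; the 'startsWith' gate also covers "/monitoring/nodes/" and both subpaths, which is the behaviour the patch introduces. Two general caveats apply to any prefix check of this kind, independent of this plugin: it is only as good as the normalisation the container applies to the path before the filter sees it (dot segments, case, encoded separators), and it over-matches sibling names such as "/monitoring/nodesX", which here is the safe direction because it adds a restriction rather than removing one. For parameters, rejecting values outside a tight allow-list is preferable to escaping alone because it fails closed for every output context, not just HTML bodies.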