The vulnerability stems from improper security controls in Jenkins' matrix project combination filter feature. The advisory specifically references 'combination filter Groovy script' as the attack vector (SECURITY-125), and the CWE-266 classification (Incorrect Privilege Assignment) indicates missing authorization checks. Matrix project configuration allows users to specify Groovy scripts for build combination filtering. These functions are core to processing those scripts, and their lack of sandboxing or privilege validation in vulnerable versions would permit authenticated attackers to execute arbitrary code with elevated privileges. The patched versions (1.600/1.596.1) likely added security constraints to these script evaluation pathways.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.597, < 1.600 | 1.600 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.596.1 | 1.596.1 |
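
The following is an added example, not code from the advisory or the Jenkins project: a version check that applies both affected ranges from the table, so that the patched LTS release 1.596.1 is not misreported as vulnerable by a single `< 1.600` comparison. The instance names and versions in the inventory are constructed.

```python
import re

# Affected ranges for org.jenkins-ci.main:jenkins-core, copied from the table above.
# Each entry is (inclusive lower bound or None, exclusive upper bound).
AFFECTED_RANGES = [
    ("1.597", "1.600"),   # weekly line: >= 1.597, < 1.600
    (None, "1.596.1"),    # LTS line and all older releases: < 1.596.1
]

def parse_version(text):
    """Turn '1.596.1' into (1, 596, 1), padded to three parts for comparison."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    # Pad so 1.600 and 1.600.0 compare equal instead of ordering by tuple length.
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the jenkins-core version falls in any affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if (low is None or v >= parse_version(low)) and v < parse_version(high):
            return True
    return False

def audit(inventory):
    """Map each instance name to 'affected', 'not_affected' or 'unknown'."""
    report = {}
    for name, version in inventory.items():
        try:
            report[name] = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            # Snapshot or custom builds need manual review rather than a guess.
            report[name] = "unknown"
    return report

# Constructed inventory (hypothetical instance names and versions).
SAMPLE_INVENTORY = {
    "ci-weekly": "1.598",
    "ci-lts": "1.596.1",
    "ci-old-lts": "1.580.3",
    "ci-current": "1.600",
    "ci-dev": "1.599-SNAPSHOT",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```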