| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.597, < 1.606 | 1.606 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.596.2 | 1.596.2 |

The commit diff shows that a critical security check, `user.checkPermission(Jenkins.ADMINISTER)`, was added to `changeApiToken()`. The vulnerability description explicitly names "forced API token change" as the attack vector, and the test case in `UserTest.java` validates that, post-patch, non-admin users cannot change other users' tokens. The pre-patch state of this function therefore directly matches the vulnerability mechanism described in CVE-2015-1814.