| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | < 1.625.2 | 1.625.2 |
| org.jenkins-ci.main:jenkins-core | maven | >= 1.626, < 1.638 | 1.638 |
The vulnerability stemmed from insufficient access control in the API token retrieval path. The commit diff shows getApiToken() modified to gate retrieval behind a new hasPermissionToSeeToken() check, with the actual lookup moved into a new getApiTokenInsecure() method. Before the fix, getApiToken() returned the token to any caller without checking whether the requesting user, administrators included, was entitled to see it, so any code path that called the accessor disclosed the token regardless of who was asking. The CWE-522 (Insufficiently Protected Credentials) classification and the advisory descriptions are consistent with an authorization flaw in how the token was exposed.
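The before/after shape of the accessor, as an added illustration that is not the Jenkins source: the Jenkins `User`, authentication and ACL machinery is replaced by a hypothetical `CURRENT` thread-local holding the requester, and the permission rule used by `hasPermissionToSeeToken()` here (only the token's owner may read it) is an assumption for the example, not a statement of the exact rule in the fix. Whether the guarded accessor refuses by throwing or by returning an empty value is likewise this example's choice.

```java
import java.util.Objects;

/**
 * Added example, not Jenkins code. Models the change described above:
 * a public accessor that used to hand out the token unconditionally is
 * split into a permission check plus an explicitly "insecure" getter.
 */
public final class ApiTokenExample {

    /** Hypothetical stand-in for Jenkins's notion of the authenticated user. */
    static final ThreadLocal<User> CURRENT = new ThreadLocal<>();

    static final class User {
        final String id;
        final boolean admin;          // deliberately NOT consulted by the check below
        private final String apiToken;

        User(String id, boolean admin, String apiToken) {
            this.id = id;
            this.admin = admin;
            this.apiToken = apiToken;
        }

        /** Pre-fix shape: returns the token to whoever calls it. */
        String getApiTokenBeforeFix() {
            return apiToken;
        }

        /**
         * Post-fix shape: the public accessor first asks whether the requester
         * may see this user's token and only then delegates to the raw getter.
         */
        String getApiToken() {
            if (!hasPermissionToSeeToken()) {
                throw new SecurityException("not permitted to view this user's API token");
            }
            return getApiTokenInsecure();
        }

        /** Raw retrieval for callers that have already established authorization. */
        String getApiTokenInsecure() {
            return apiToken;
        }

        /**
         * Assumed rule for this example: the requester must be the token's owner.
         * An administrator viewing another user's account therefore gets nothing,
         * which is the "including administrators" case in the paragraph above.
         */
        boolean hasPermissionToSeeToken() {
            User requester = CURRENT.get();
            return requester != null && Objects.equals(requester.id, this.id);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data, not real tokens.
        User alice = new User("alice", false, "tok-alice-0001");
        User admin = new User("admin", true, "tok-admin-9999");

        CURRENT.set(admin);
        System.out.println("before fix, admin reading alice's token: " + alice.getApiTokenBeforeFix());
        try {
            alice.getApiToken();
            System.out.println("after fix, admin reading alice's token: allowed (unexpected)");
        } catch (SecurityException e) {
            System.out.println("after fix, admin reading alice's token: denied (" + e.getMessage() + ")");
        }

        CURRENT.set(alice);
        System.out.println("after fix, alice reading her own token: " + alice.getApiToken());
    }
}
```

The point the split makes explicit is that every call site now goes through the check by default; anything that needs the unguarded value has to reach for `getApiTokenInsecure()` by name, which is easy to grep for in a review.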