CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | < 1.625.2 | 1.625.2 |
| org.jenkins-ci.main:jenkins-core | maven | >= 1.626, < 1.638 | 1.638 |
The vulnerability stems from the JNLP slave channel setup not integrating ChannelConfigurator. The security patch adds a loop that calls ChannelConfigurator.onChannelBuilding() for every registered configurator while the channel is being built; that hook is what applies security restrictions such as AdminWhitelistRule (the slave-to-master access control) to the channel, so without it those restrictions never reach JNLP channels. The accompanying test case demonstrates that, without the fix, a JNLP channel permits dangerous operations such as remote class loading and access to sensitive files on the master. The pre-patch version of jnlpConnect() is directly responsible for the insecure channel configuration.
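As an added illustration of the pattern the patch introduces (example code written for this page, not Jenkins core's own jnlpConnect() or its test case): a channel built straight from the socket streams beside one that runs every registered ChannelConfigurator first, plus a hypothetical configurator that uses the hook to restrict what the channel accepts. It assumes jenkins-core and its remoting library on the classpath, with the ChannelBuilder, ChannelConfigurator, RoleChecker and Roles APIs of the 1.6xx line; buildUnconfigured, buildConfigured and MasterOnlyCallableRejector are names chosen here.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Collection;
import java.util.concurrent.ExecutorService;

import hudson.Extension;
import hudson.remoting.Channel;
import hudson.remoting.ChannelBuilder;
import jenkins.security.ChannelConfigurator;
import jenkins.security.Roles;
import org.jenkinsci.remoting.Role;
import org.jenkinsci.remoting.RoleChecker;
import org.jenkinsci.remoting.RoleSensitive;

/** Illustrative example, not Jenkins core code; method and class names are hypothetical. */
public final class JnlpChannelExample {

    /**
     * Pre-patch shape: the socket streams are wrapped into a Channel with no
     * ChannelConfigurator involvement, so AdminWhitelistRule and every other
     * configurator never see this channel and cannot restrict it.
     */
    static Channel buildUnconfigured(String name, ExecutorService es,
                                     InputStream in, OutputStream out) throws IOException {
        return new ChannelBuilder(name, es)
                .withMode(Channel.Mode.BINARY)
                .build(in, out);
    }

    /**
     * Patched shape: each registered ChannelConfigurator gets the builder before
     * build() is called, which is the hook that applies security restrictions.
     * In Jenkins core the context object is the owning SlaveComputer.
     */
    static Channel buildConfigured(String name, ExecutorService es,
                                   InputStream in, OutputStream out,
                                   Object context) throws IOException {
        ChannelBuilder cb = new ChannelBuilder(name, es).withMode(Channel.Mode.BINARY);
        for (ChannelConfigurator cc : ChannelConfigurator.all()) {
            cc.onChannelBuilding(cb, context);   // the loop the patch adds
        }
        return cb.build(in, out);
    }

    /**
     * Hypothetical configurator that only takes effect through the loop above.
     * It installs a RoleChecker that rejects any callable arriving on this channel
     * that expects to execute with the master role, i.e. agent-originated code
     * trying to run on the master. AdminWhitelistRule enforces the same direction
     * check, but with a configurable whitelist; this version has none.
     */
    @Extension
    public static final class MasterOnlyCallableRejector extends ChannelConfigurator {
        @Override
        public void onChannelBuilding(ChannelBuilder builder, Object context) {
            builder.withRoleChecker(new RoleChecker() {
                @Override
                public void check(RoleSensitive subject, Collection<Role> expected) {
                    if (expected.contains(Roles.MASTER)) {
                        throw new SecurityException("Rejected " + subject.getClass().getName()
                                + ": callables from an agent may not run on the master");
                    }
                }
            });
        }
    }
}
```

The point of the comparison is that MasterOnlyCallableRejector is never consulted by buildUnconfigured(): a configurator, AdminWhitelistRule included, can only restrict a channel whose builder passed through the onChannelBuilding() loop. Note that an @Extension configurator applies to every channel the master builds, so a checker this strict would also break legitimate agent-to-master callbacks; it is here to show the hook, not as a drop-in replacement for AdminWhitelistRule.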