-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing permission checks when triggering builds. Jenkins security patterns require:
While the exact code changes aren't shown, the advisory explicitly states the plugin failed to check build authentication context when triggering projects. The primary vulnerable functions would be those handling:
These functions would appear in stack traces when a build step triggers another project. The medium confidence reflects inference from Jenkins security patterns rather than direct patch inspection.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:pipeline-build-step | maven | <= 2.5 | 2.5.1 |