Miggo Logo

CVE-2017-1000105: Missing Authorization in Jenkins Blue Ocean Plugin

4.3

CVSS Score
3.0

Basic Information

EPSS Score
0.10408%
Published
5/13/2022
Updated
1/17/2025
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
io.jenkins.blueocean:blueoceanmaven<= 1.2.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing Run/Artifacts permission checks in artifact access logic, but the provided data lacks specific code references, commit diffs, or file paths. While the advisory describes the flawed authorization mechanism, it does not explicitly name the functions responsible for artifact retrieval or permission validation. Without concrete code examples or patch details, identifying exact vulnerable functions with high confidence is not possible. The fix likely involved adding permission checks in artifact-serving endpoints or controllers, but these cannot be mapped to specific functions without further technical context.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** option*l Run/*rti***ts p*rmission **n ** *n**l** *y s*ttin* * J*v* syst*m prop*rty. *lu* O***n *i* not ****k t*is p*rmission ***or* provi*in* ****ss to *r**iv** *rti***ts, It*m/R*** p*rmission w*s su**i*i*nt. *lu* O***n now *orr**tly ****ks t**

Reasoning

T** vuln*r**ility st*ms *rom missin* `Run/*rti***ts` p*rmission ****ks in *rti***t ****ss lo*i*, *ut t** provi*** **t* l**ks sp**i*i* *o** r***r*n**s, *ommit *i**s, or *il* p*t*s. W*il* t** **visory **s*ri**s t** *l*w** *ut*oriz*tion m****nism, it *o