-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.blueocean:blueocean | maven | < 1.2.0 | 1.2.0 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from missing authentication checks during GitHub organization folder reconfiguration. The advisory explicitly mentions the fix involved adding Item/CREATE permission verification. In Jenkins plugin architecture, REST resource classes like OrganizationFolderResource typically handle configuration updates. The 'update' method (or similarly named) would be responsible for processing these changes. Prior to the patch, this method lacked the necessary permission check, making it the vulnerable entry point. The high confidence comes from the direct correlation between the advisory's described fix and standard Jenkins permission enforcement patterns.
Ongoing coverage of React2Shell