The vulnerability stems from missing permission checks in the API endpoint handler for graph modifications. Jenkins plugin endpoints typically use `do[Action]` methods (e.g., `doSubmit`) in Action classes. The advisory explicitly states the patched version added permission requirements for job configuration, indicating the vulnerable version's endpoint handler lacked these checks. While no code diffs are available, Jenkins security patterns and the CWE-862 classification strongly suggest the modification endpoint handler (`doSubmit`) was the vulnerable function.
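The pattern described above, as an added sketch that is not the depgraph-view plugin's code: a Stapler `do*` handler without an authorization check next to one that requires the job's configure permission. The class name, URL name, the `source`/`target` parameters and the choice of `Item.CONFIGURE` are assumptions made for illustration.

```java
import hudson.model.Action;
import hudson.model.Item;
import hudson.model.Job;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical action attached to a job; all names here are illustrative.
public class GraphEditAction implements Action {
    private final Job<?, ?> job;
    // Stand-in for the state the endpoint modifies (graph edges).
    private final Set<String> edges = ConcurrentHashMap.newKeySet();

    public GraphEditAction(Job<?, ?> job) { this.job = job; }

    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return "Edit dependency graph"; }
    @Override public String getUrlName() { return "graph-edit"; }

    // CWE-862 shape: Stapler maps .../graph-edit/submitUnchecked to this
    // method, and nothing verifies that the caller may configure the job.
    public HttpResponse doSubmitUnchecked(StaplerRequest req) {
        addEdge(req.getParameter("source"), req.getParameter("target"));
        return HttpResponses.ok();
    }

    // Hardened shape: POST only, and the authorization check runs before
    // any state change.
    @RequirePOST
    public HttpResponse doSubmit(StaplerRequest req) {
        // Throws an access-denied exception when the caller lacks
        // Job/Configure on this job, so addEdge is never reached.
        job.checkPermission(Item.CONFIGURE);
        addEdge(req.getParameter("source"), req.getParameter("target"));
        return HttpResponses.ok();
    }

    private void addEdge(String source, String target) {
        if (source == null || target == null) {
            throw new IllegalArgumentException("source and target are required");
        }
        edges.add(source + "->" + target);
    }
}
```

When reviewing a plugin for this class of bug, every public `do*` method that changes state should show both the `checkPermission` call and a POST requirement before the first write.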
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:depgraph-view | maven | <= 0.12 | 0.13 |