| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:saltstack | maven | <= 3.1.6 | 3.1.7 |
The vulnerability stemmed from form validation methods that lacked two protections: (1) a permission check (Item.CONFIGURE, or Administer), so low-privileged users could invoke actions that should be restricted to job configurers or administrators, and (2) CSRF protection (no @RequirePOST), so the endpoints could be triggered by a GET request, including one embedded in a page the victim is lured to. The commit adds both protections to the listed methods. These methods handle credential validation, connection testing, and population of the credential ID dropdown, which matches the credential exposure and CSRF vectors described above. The accompanying Jelly UI changes (checkMethod='post') confirm that these endpoints were originally reached via GET.