| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.inedo.proget:inedo-proget | maven | <= 0.8 | 1.0 |

The vulnerability stems from SSL/TLS validation being disabled globally. The affected files (`ProGetApi/Config/Configuration.java`) likely contained methods that:

1. Created HTTP clients with trust-all configurations
2. Set JVM-wide SSL socket factories
3. Disabled hostname verification globally

These functions would appear in stack traces when establishing insecure connections. The patch evidence from advisories indicates these components were modified to remove global settings and implement scoped configuration.
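
The scoped configuration described above, sketched as an added example (this is not the plugin's code or its patch): trust settings are applied to one `HttpsURLConnection` and the JVM-wide defaults are left alone. The class name, the `proget.example.invalid` URL, the `trustAllContext` name in the comment and the optional trust-store arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTlsExample {
    // Global anti-pattern (comments only, hypothetical names): these calls change
    // TLS behaviour for every HTTPS connection in the JVM, not just one client.
    //   HttpsURLConnection.setDefaultSSLSocketFactory(trustAllContext.getSocketFactory());
    //   HttpsURLConnection.setDefaultHostnameVerifier((host, session) -> true);

    /** Trusts only the CAs in the PKCS#12 store, or the JVM default anchors if store is null. */
    static SSLContext contextFor(Path store, char[] password) throws Exception {
        KeyStore ks = null; // null => TrustManagerFactory uses the default trust store
        if (store != null) {
            ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = Files.newInputStream(store)) {
                ks.load(in, password);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Configures one connection; certificate and hostname checks both stay enabled. */
    static HttpsURLConnection open(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // scoped to this connection
        return conn; // no setHostnameVerifier call: the default verifier still applies
    }

    public static void main(String[] args) throws Exception {
        var before = HttpsURLConnection.getDefaultSSLSocketFactory();
        // Optional args (hypothetical): <PKCS#12 trust store path> <password>
        SSLContext ctx = args.length == 2 ? contextFor(Path.of(args[0]), args[1].toCharArray())
                                          : contextFor(null, null);
        HttpsURLConnection conn = open("https://proget.example.invalid/", ctx); // constructed URL
        boolean scoped = conn.getSSLSocketFactory() != before;
        boolean untouched = HttpsURLConnection.getDefaultSSLSocketFactory() == before;
        System.out.println("scoped factory set: " + scoped + ", JVM default untouched: " + untouched);
    }
}
```

`openConnection()` does not contact the server, so the program runs offline; it only reports whether the per-connection factory was set and whether the JVM default factory is still the original object.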