-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | < 2.121.3 | 2.121.3 |
| org.jenkins-ci.main:jenkins-core | maven | >= 2.122, < 2.138 | 2.138 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing authorization checks in the log exposure mechanism. The commit diff shows Computer.java's getLogText() method was modified to add a checkPermission(CONNECT) call. This matches the advisory's description of unauthorized access to agent logs via missing permission validation. Other files in the commit relate to broader permission system improvements but aren't directly tied to the described agent log exposure.