| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jvnet.hudson.plugins:ftppublisher | maven | <= 1.2 | |
The vulnerability documentation explicitly identifies FTPPublisher.DescriptorImpl#doLoginCheck as the vulnerable method. The CWE-862 (Missing Authorization) classification confirms this is an access control flaw. Jenkins security advisories and CVE descriptions directly attribute the vulnerability to this method's failure to verify ADMINISTER permissions before executing sensitive FTP connection tests. The method's exposure via web-accessible endpoints without POST request enforcement further supports this assessment.
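
The two gaps named above (no permission check, no POST enforcement) can be looked for across a plugin's source. The heuristic scanner below is an added example, not code from the plugin or from the advisory; the embedded Java sample, its `connect()` helper and its parameter names are constructed for illustration.

```python
import re

# Constructed Java source (not the plugin's real code): one unguarded and one
# guarded Stapler web method. connect() and the parameter names are hypothetical.
SAMPLE = """
public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {
    public FormValidation doLoginCheck(@QueryParameter String hostName) {
        return connect(hostName);
    }

    @RequirePOST
    public FormValidation doGuardedCheck(@QueryParameter String hostName) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return connect(hostName);
    }
}
"""

# Stapler exposes public do<Name>(...) methods as URLs; capture leading annotations.
METHOD = re.compile(
    r"((?:@[\w.]+(?:\([^)]*\))?\s*)*)public\s+[\w.<>\[\]?, ]+\s+(do[A-Z]\w*)\s*\(")
PERM = re.compile(r"\b(?:checkPermission|hasPermission)\s*\(")
POST = re.compile(r"@(?:RequirePOST|POST)\b")


def method_body(src, start):
    """Return the brace-balanced body that begins at the first '{' after start."""
    open_at = src.index("{", start)
    depth = 0
    for i in range(open_at, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_at:i + 1]
    return src[open_at:]  # unbalanced source: audit what is there


def audit(src):
    """Map each web method name to the protections it appears to lack."""
    findings = {}
    for m in METHOD.finditer(src):
        missing = []
        if not PERM.search(method_body(src, m.end())):
            missing.append("permission check")
        if not POST.search(m.group(1)):
            missing.append("POST enforcement")
        if missing:
            findings[m.group(2)] = missing
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

This is a text heuristic: a permission check performed in a helper method, or braces inside string literals, will not be recognised, so each finding is a candidate for manual review.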