| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:openid | maven | < 2.4 | 2.4 |
The vulnerability documentation explicitly identifies OpenIdSsoSecurityRealm.DescriptorImpl#doValidate as the vulnerable method. GitHub commit 5a91a74 shows that the fix added both the @RequirePOST annotation and a Jenkins.ADMINISTER permission check, confirming that the original implementation lacked these controls. This matches the CWE-862 (Missing Authorization) classification: because the endpoint was unprotected, unauthorized users could make the Jenkins server initiate network connections.
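To make the shape of the fix concrete, here is an added example of a Jenkins descriptor form-validation endpoint with the two controls the commit introduced, placed beside the unprotected shape for contrast. This is not the plugin's own code: the class name, the `openid` parameter name and the `discover()` helper are assumptions.

```java
import hudson.model.Descriptor;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Added example, not the plugin's code: the "openid" parameter name and the
// discover() helper are assumed; only the two access controls are the point.
public class ExampleSsoRealmDescriptor extends Descriptor<SecurityRealm> {

    public ExampleSsoRealmDescriptor() {
        super(SecurityRealm.class);
    }

    // Shape of the method BEFORE the fix (CWE-862): reachable by anyone via GET,
    // so any caller could make the Jenkins server connect to a URL of their choosing.
    public FormValidation doValidateUnprotected(@QueryParameter String openid) {
        return probe(openid);
    }

    // Shape AFTER the fix described for commit 5a91a74: non-POST requests are
    // rejected, and the caller must hold Overall/Administer, checked before any
    // outbound request is made.
    @RequirePOST
    public FormValidation doValidate(@QueryParameter String openid) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // non-admin: AccessDeniedException (HTTP 403)
        return probe(openid);
    }

    private FormValidation probe(String openid) {
        if (openid == null || openid.trim().isEmpty()) {
            return FormValidation.error("OpenID URL is required");
        }
        try {
            discover(openid.trim());                       // the network-touching step
            return FormValidation.ok();
        } catch (Exception e) {
            return FormValidation.error(e, "Could not validate OpenID endpoint");
        }
    }

    // Hypothetical stand-in for the plugin's OpenID discovery request.
    private void discover(String url) throws Exception {
        throw new UnsupportedOperationException("discovery omitted from this example");
    }
}
```

The same two-line pattern (a request-method restriction plus an explicit permission check ahead of any side effect) is the standard hardening for any Jenkins `doXxx` form-validation method that reaches the network.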