| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:netsparker-cloud-scan | maven | <= 1.1.5 | 1.1.6 |
The vulnerability stemmed from NCScanBuilder.DescriptorImpl#doValidateAPI lacking both a permission check (CWE-862, missing authorization) and CSRF protection. The patch adds an ADMINISTER permission check and restricts the endpoint to POST requests. The method signature matches the advisory's description of the vulnerable endpoint, and the code changes directly address the authorization flaw.
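The before/after pattern the patch applies, shown here as an added example that is not the plugin's own source: a Jenkins Descriptor form-validation method with and without the permission check and POST enforcement. The class layout, the serverUrl/apiToken parameters and the checkServer helper are assumptions.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

// Added illustration, not the plugin's own source: the Descriptor layout,
// parameter names and the checkServer() helper are assumptions.
public class NCScanBuilder extends Builder {

    @Extension
    public static class DescriptorImpl extends BuildStepDescriptor<Builder> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        // BEFORE: reachable at /descriptorByName/NCScanBuilder/validateAPI by a
        // plain GET, with no authorization check. That is the CWE-862 gap plus
        // the missing CSRF protection the advisory describes. Kept commented
        // out only to show what the fix adds.
        // public FormValidation doValidateAPI(@QueryParameter String serverUrl,
        //                                     @QueryParameter String apiToken) {
        //     return checkServer(serverUrl, apiToken);
        // }

        // AFTER: @POST rejects GET (a cross-site link or image tag can no longer
        // trigger it, and Jenkins' CSRF crumb is required), and the explicit
        // permission check limits the endpoint to administrators.
        @POST
        public FormValidation doValidateAPI(@QueryParameter String serverUrl,
                                            @QueryParameter String apiToken) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return checkServer(serverUrl, apiToken);
        }

        // Assumed helper standing in for the real connectivity test.
        private FormValidation checkServer(String serverUrl, String apiToken) {
            if (serverUrl == null || serverUrl.isEmpty()) {
                return FormValidation.error("Server URL is required");
            }
            if (apiToken == null || apiToken.isEmpty()) {
                return FormValidation.error("API token is required");
            }
            return FormValidation.ok("Looks valid");
        }
    }
}
```

A quick check for the fix on a running instance is to request the validation URL with GET as a non-admin user: a patched plugin answers with an HTTP error instead of running the validation.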