| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jvnet.hudson.plugins:analysis-core | maven | <= 1.95 | 1.96 |

The vulnerability stems from the unsecured `doSave` handler in `DefaultGraphConfigurationView`. The patch added: 1) a `Job.CONFIGURE` permission check, 2) the `@RequirePOST` annotation, and 3) a `StaplerProxy` implementation with `getTarget()` checks. The original method had no authorization checks, violating CWE-862. The diff clearly shows these security controls were missing in the vulnerable version.