| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:gitlab-oauth | maven | <= 1.4 | 1.5 |

The vulnerability stems from missing session invalidation during authentication. The commit diff shows that the fix added session invalidation logic (`session.invalidate()` and `request.getSession(true)`) in `doFinishLogin`, indicating that this method was the vulnerable entry point. The CWE-384 description confirms that this matches the session fixation pattern, in which a session created before authentication is not properly cycled at login.
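
The invalidate-then-recreate pattern described above, modelled as an added example that is not the plugin's code: a constructed in-memory session table stands in for the servlet container, and every class and function name here is hypothetical. It can serve as a regression check that a session ID issued before login carries no identity afterwards.

```python
import secrets


class SessionStore:
    """Constructed stand-in for a servlet container's session table."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def invalidate(self, sid):
        self._sessions.pop(sid, None)

    def bind_user(self, sid, user):
        self._sessions[sid]["user"] = user

    def user_for(self, sid):
        # None for unknown, invalidated, or unauthenticated session IDs.
        return self._sessions.get(sid, {}).get("user")


def finish_login_without_rotation(store, sid, user):
    # Pre-fix behaviour: the pre-authentication session is kept and
    # simply marked as authenticated.
    store.bind_user(sid, user)
    return sid


def finish_login_with_rotation(store, sid, user):
    # Analogue of session.invalidate() and request.getSession(true):
    # drop the pre-authentication session, then issue a fresh ID.
    store.invalidate(sid)
    new_sid = store.create()
    store.bind_user(new_sid, user)
    return new_sid


def pre_login_id_still_authenticated(finish_login):
    """True if an ID issued before login resolves to a user afterwards."""
    store = SessionStore()
    pre_login_sid = store.create()
    finish_login(store, pre_login_sid, "alice")
    return store.user_for(pre_login_sid) == "alice"
```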