| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| hudson.plugins:project-inheritance | maven | < 19.08.02 | 19.08.02 |

The vulnerability stems from an unsecured HTTP endpoint that handles project generation. Jenkins plugins typically implement form actions via `do*` methods in Action classes. The advisory explicitly states two flaws:

1. Missing Item/Create permission check
2. Lack of POST requirement

The combination of these factors indicates that the vulnerable function would be the project generation handler method (likely `doGenerateProject`) in the plugin's main action class, which was modified in the patched version to add `checkPermission()` calls and the `@RequirePOST` annotation.
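
The two fixes described above, shown as an added illustration that is not the plugin's own code: a hypothetical Stapler action with an unguarded `do*` handler beside its hardened form. The class, method, field and URL names are assumptions, and the in-memory list stands in for the plugin's job-creation logic, which this page does not show. The class compiles against Jenkins core as part of a plugin.

```java
import hudson.Extension;
import hudson.model.Item;
import hudson.model.RootAction;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical action class: all names here are illustrative assumptions.
@Extension
public class ExampleGeneratorAction implements RootAction {

    // Stand-in for server-side state that the handler modifies.
    private final List<String> generated = new CopyOnWriteArrayList<>();

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return "Example generator"; }
    @Override public String getUrlName() { return "example-generator"; }

    // BEFORE: Stapler routes any HTTP verb to a do* method, so a plain GET
    // reaches this code, and nothing verifies what the caller may do.
    public HttpResponse doGenerateUnsafe(@QueryParameter String name) {
        generated.add(name);
        return HttpResponses.redirectToContextRoot();
    }

    // AFTER: @RequirePOST rejects non-POST requests, which also brings the
    // request under Jenkins' CSRF crumb check when that protection is enabled.
    @RequirePOST
    public HttpResponse doGenerate(@QueryParameter String name) {
        // Throws AccessDeniedException unless the caller holds Item/Create.
        Jenkins.get().checkPermission(Item.CREATE);
        generated.add(name);
        return HttpResponses.redirectToContextRoot();
    }
}
```

When reviewing other plugins for the same pattern, the check is the same pair: every state-changing `do*` method should carry both a permission check and a POST requirement.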