| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.inedo.proget:inedo-proget | maven | < 1.3 | 1.3 |

The vulnerability stems from how credentials are handled in configuration forms. The commit shows critical changes to password handling:

1. `setPassword` changed its parameter type from `String` to `Secret`.
2. `getPassword` changed to return a `Secret` instead of the decrypted `String`.
3. The password parameter of `doTestConnection` changed to type `Secret`.

These changes indicate that the password was previously transmitted/processed in plaintext through form submissions and API validation endpoints, violating CWE-319 requirements for encrypted transmission of sensitive data.