-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:support-core | maven | <= 2.63 | 2.64 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from two key issues in SupportAction.java: 1) Missing permission check in the bundle deletion endpoint (CWE-281). The pre-patch code allowed any user with Overall/Read to trigger deletion. 2) Insufficient path validation that could enable path traversal (CVE-2019-16540). The commit 6b177ea adds permission enforcement through StaplerProxy.getTarget() and validates bundle existence. The test cases confirm the vulnerability by demonstrating unauthorized deletion attempts. The doDeleteBundles method was directly responsible for handling deletion requests without proper security checks.
KEV Misses 88% of Exploited CVEs- Get the report