Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger | maven | < 2.30.2 | 2.30.2 |
The vulnerability stems from missing permission checks in the form validation methods that handle connection tests. Commit bdc94d3 added @RequirePOST annotations and Jenkins.ADMINISTER permission checks to these methods, confirming that they were previously unprotected: any attacker with read access could trigger outbound connections and file existence checks through them. The test cases in LockedDownGerritEventTest.java verify that these methods now require administrator privileges, confirming their role in the vulnerability.