| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cloudbees-jenkins-advisor | maven | < 3.0.1 | 3.0.1 |

The commit diff shows that both methods were modified to add `@POST` annotations and `ADMINISTER` permission checks. The vulnerability description explicitly states that these form validation methods (1) did not require POST requests, which made them a CSRF vector, and (2) lacked proper permission checks, which allowed Read users to trigger actions. The pre-patch versions of these methods in versions < 3.0.1 would therefore be vulnerable endpoints accepting GET requests without authorization checks.
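
An added example, not code from the plugin or its patch: a small Python audit that flags Stapler `FormValidation` web methods missing either of the two fixes described above. The Java sample and its class and method names are constructed for illustration; the check is text-based, so it does not follow permission checks made in helper methods or handle braces inside string literals.

```python
import re

# Constructed Java source (hypothetical names): one method in the pre-patch
# shape the paragraph describes, one in the patched shape.
SAMPLE_JAVA = '''
public class ExampleConfig {
    public FormValidation doTestConnection(@QueryParameter String email) {
        return FormValidation.ok(service.ping(email));
    }

    @POST
    public FormValidation doCheckEmail(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return FormValidation.ok();
    }
}
'''

# Leading annotations (if any), then a public FormValidation doXxx( signature.
METHOD_RE = re.compile(
    r'(?P<annotations>(?:@\w+(?:\([^)]*\))?\s+)*)'
    r'public\s+FormValidation\s+(?P<name>do[A-Z]\w*)\s*\('
)

def method_body(src, pos):
    """Return the brace-delimited method body that starts after index pos."""
    start = src.index('{', pos)
    depth = 0
    for i in range(start, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return src[start:]  # unbalanced input: return the remainder

def audit(src):
    """Map each flagged web method name to the list of missing protections."""
    findings = {}
    for m in METHOD_RE.finditer(src):
        issues = []
        if not re.search(r'@(?:RequirePOST|POST)\b', m.group('annotations')):
            issues.append('no @POST/@RequirePOST')
        # Any checkPermission call counts; which permission is a manual review.
        if 'checkPermission(' not in method_body(src, m.end()):
            issues.append('no checkPermission call')
        if issues:
            findings[m.group('name')] = issues
    return findings
```
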