| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:sounds | maven | < 0.6 | 0.6 |

The vulnerability lies in form validation endpoints (the Stapler `doCheck*`-style methods) in several of the plugin's components. Before 0.6 these methods performed no permission check (no call to `checkPermission`) and carried no HTTP method restriction, so they answered plain GET requests instead of requiring POST. Because the value being validated was user-controlled input that could lead to OS command execution, this gives two distinct attack paths: an authenticated user without the relevant permission can call the endpoint directly, and an attacker can make a victim's browser issue the GET request from another site (cross-site request forgery), since Jenkins enforces its CSRF crumb only on POST. The fixing commit retrofits each of these methods with a `@RequirePOST` annotation and a permission check, and the accompanying test cases confirm that the pre-patch version accepted unauthorized GET requests to them. The affected functions are therefore exactly the ones touched by the security fix in 0.6.
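To make the two missing controls concrete, here is an added example, written for this page and not taken from the Sounds plugin: a hypothetical Jenkins build step (`CommandHookBuilder`, invented name) whose descriptor validates a `command` field by executing it. `doCheckCommandUnsafe` reproduces the pre-0.6 pattern the advisory describes; `doCheckCommand` applies the same two fixes the commit did, `@RequirePOST` plus a `checkPermission` call. Everything else (field names, the `sh -c` execution, the timeout) is an assumption chosen to illustrate the pattern.

```java
// Added example, not the Sounds plugin's code. CommandHookBuilder and its
// "command" field are hypothetical; only the Jenkins/Stapler APIs are real.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

public class CommandHookBuilder extends Builder {

    private final String command;

    @DataBoundConstructor
    public CommandHookBuilder(String command) {
        this.command = command;
    }

    public String getCommand() {
        return command;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        // VULNERABLE (the pre-0.6 pattern). Stapler exposes this as
        //   GET /descriptorByName/<fqcn>/checkCommandUnsafe?command=...
        // No permission check: any user who can reach the UI may call it.
        // No @RequirePOST: a GET issued by an <img> or link on another site
        // runs with the victim's session, so CSRF turns into command execution.
        public FormValidation doCheckCommandUnsafe(@QueryParameter String command) {
            return runForValidation(command);
        }

        // HARDENED. @RequirePOST makes Stapler refuse anything but POST, which
        // also brings Jenkins' CSRF crumb check into play. checkPermission throws
        // for callers without Overall/Administer, which the browser sees as 403.
        @RequirePOST
        public FormValidation doCheckCommand(@QueryParameter String command) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return runForValidation(command);
        }

        // Validation-by-execution (assumed here): this is what makes the missing
        // checks a command-execution issue rather than an information leak.
        private static FormValidation runForValidation(String command) {
            if (command == null || command.trim().isEmpty()) {
                return FormValidation.warning("No command configured");
            }
            try {
                Process p = new ProcessBuilder("sh", "-c", command).start();
                if (!p.waitFor(5, TimeUnit.SECONDS)) {
                    p.destroyForcibly();
                    return FormValidation.error("Command timed out");
                }
                int rc = p.exitValue();
                return rc == 0
                        ? FormValidation.ok()
                        : FormValidation.error("Command exited with status " + rc);
            } catch (IOException | InterruptedException e) {
                return FormValidation.error("Could not run command: " + e.getMessage());
            }
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Run a command hook";
        }
    }
}
```

When a `doCheck*` method gains `@RequirePOST`, the field's Jelly textbox needs `checkMethod="post"` so the configuration page's own live validation keeps working; otherwise the UI will start hitting the endpoint with GET and be refused. Note also that limiting the caller to administrators only narrows who can trigger the execution; a descriptor that does not need to run anything to validate a field should not execute user input at all.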