| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:artifactory | maven | < 3.6.1 | 3.6.1 |

The vulnerability stems from two aspects of the plugin's password handling: 1) the password retrieval mechanism (getPassword) returned decrypted credentials, which were then included in configuration forms, and 2) the configuration handling logic (configure) transmitted these values without encryption. Both functions are core to the password management flow in the plugin. The pattern matches Jenkins' Secret handling practices, under which getters for sensitive fields must explicitly manage encryption and form submission handlers must properly process secrets. The CWE-319/CWE-522 mapping confirms this is a cleartext transmission issue at the function level.
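
A check for the form-rendering half of this issue, as an added example that is not the plugin's or Jenkins' own code: it scans a rendered configuration form for password inputs whose value is not in encrypted form. It assumes the brace-wrapped base64 form that Jenkins' Secret uses for encrypted values; the form markup, field names and values below are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: an encrypted Jenkins Secret is rendered as base64 wrapped in braces.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")


class PasswordFieldAudit(HTMLParser):
    """Collect every <input type="password"> and classify its value attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (field name, status)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() != "password":
            return
        value = a.get("value") or ""
        if not value:
            status = "empty"
        elif ENCRYPTED_SECRET.match(value):
            status = "encrypted"
        else:
            status = "cleartext"  # the server put a usable credential in the page
        self.findings.append((a.get("name") or "<unnamed>", status))


def audit_form(html):
    """Return (name, status) for each password input in the HTML."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def cleartext_fields(html):
    """Names of password inputs that carry a non-encrypted value."""
    return [name for name, status in audit_form(html) if status == "cleartext"]


# Constructed sample forms: a getter returning the decrypted password vs. a Secret.
FORM_CLEARTEXT = '''<form><input type="text" name="_.username" value="deployer">
<input type="password" name="_.password" value="hunter2-constructed"></form>'''
FORM_ENCRYPTED = '''<form><input type="text" name="_.username" value="deployer">
<input type="password" name="_.password" value="{AQAAABAAAAAQc2FtcGxlLWNvbnN0cnVjdGVk}"></form>'''

if __name__ == "__main__":
    for label, form in (("cleartext", FORM_CLEARTEXT), ("encrypted", FORM_ENCRYPTED)):
        print(label, audit_form(form))
```

The pattern match is a heuristic: it reports whether a value looks like an encrypted Secret, not whether it decrypts to one.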