-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJavaMiggo AIRoot Cause AnalysisThe commit edd59db shows the doFillInstallationItems method was modified to add permission checks. Prior versions lacked these checks, exposing the installation list enumeration endpoint. This matches the CVE description of missing authorization in an HTTP endpoint.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:mercurial | maven | = 2.11 | 2.12 |
| org.jenkins-ci.plugins:mercurial | maven | = 2.10 | 2.10.1 |
| org.jenkins-ci.plugins:mercurial | maven | = 2.9 | 2.9.1 |
| org.jenkins-ci.plugins:mercurial | maven | < 2.8.1 | 2.8.1 |
Ongoing coverage of React2Shell