-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cloud-stats | maven | <= 0.26 | 0.27 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing authorization checks in HTTP endpoints. The key evidence is the fix adding: 1) StaplerProxy implementation, 2) a getTarget() method with checkPermission(). This indicates the original class handled HTTP requests without proper authorization. The test addition (denyAccessToStatsDetails) confirms the endpoint was previously accessible to non-admins. The vulnerability exists in the HTTP endpoint handling logic controlled by Stapler routing, which lacked permission validation before the getTarget() check was introduced.
JavaJava