The vulnerability stems from the `doBuild` method in `ElectricFlowEFRunAPIAction.java` handling build scheduling requests without verifying Item/Build permissions. The provided commit diff explicitly adds a `project.hasPermission(Item.BUILD)` check to this method, confirming this was the missing authorization mechanism. The CVE description directly matches this scenario where the endpoint allowed scheduling builds without proper permissions.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:electricflow | maven | < 1.1.18.1 | 1.1.18.1 |
| org.jenkins-ci.plugins:electricflow | maven | >= 1.1.19, < 1.1.22 | 1.1.22 |
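
The two rows above describe separate affected ranges, so a single "at least 1.1.18.1" comparison would wrongly clear 1.1.19 through 1.1.21. The following check is an added example, not code from the advisory or the plugin; it assumes purely numeric dotted version strings, and the inventory it runs on is constructed sample data.

```python
"""Classify electricflow plugin versions against the advisory's affected ranges."""
from itertools import zip_longest

# Affected ranges from the table above: (lower_inclusive, upper_exclusive, fixed_in).
# A lower bound of None means "every version below the upper bound".
AFFECTED_RANGES = [
    (None, "1.1.18.1", "1.1.18.1"),
    ("1.1.19", "1.1.22", "1.1.22"),
]


def parse_version(text):
    """Turn '1.1.18.1' into (1, 1, 18, 1). Assumption: numeric dotted versions only."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a, b):
    """Compare segment by segment, padding the shorter version with zeros."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def fixed_version_for(installed):
    """Return the first patched version if `installed` is affected, else None."""
    for lower, upper, fixed in AFFECTED_RANGES:
        above_lower = lower is None or compare(installed, lower) >= 0
        if above_lower and compare(installed, upper) < 0:
            return fixed
    return None


# Constructed sample inventory (controller name -> installed plugin version).
SAMPLE_INVENTORY = {
    "ci-a": "1.1.18",
    "ci-b": "1.1.18.1",
    "ci-c": "1.1.20",
    "ci-d": "1.1.22",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        fixed = fixed_version_for(version)
        status = f"AFFECTED, upgrade to {fixed}" if fixed else "not affected"
        print(f"{host}: electricflow {version} -> {status}")
```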