The vulnerability stems from the `doValidateCredential` method in `Credential.java`, where the permission check was improperly implemented. The patch shows that this method initially lacked any permission check; a check for `Permission.CREATE` was then added, which is insufficient for the sensitive credential validation operation. The vulnerability description explicitly states that the permission check was 'added but for the wrong permission' in earlier partial fixes. Because this method validates credentials against external URLs, it is the attack vector for credential capture when combined with the weak `CREATE` permission check.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.xebialabs.deployit.ci:deployit-plugin | maven | <= 10.0.1 | 10.0.2 |