The vulnerability stemmed from improper permission configuration in the Jelly view template. The commit diff shows the critical change from a generic security flag (`secured=true`) to a specific permission check (`permission=${it.requiredPermission}`). In Jenkins, Jelly templates control endpoint access, and the original implementation failed to enforce the required authorization level. This matches the CWE-862 (Missing Authorization) classification and the advisory's description of missing permission checks in HTTP endpoints.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:requests | maven | <= 2.2.6 | 2.2.7 |
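
A review-time check for the pattern described in the analysis above, as an added example that is not taken from the plugin or the advisory: it flags any Jelly element that carries a `secured` attribute but no `permission` attribute. The two sample views and the `l:layout` element name are constructed assumptions; only the two attribute forms come from the text above.

```python
import xml.etree.ElementTree as ET

# Constructed sample views (not the plugin's real files). The element name
# l:layout is an assumption; the attribute forms are the ones quoted above.
BEFORE = '''<j:jelly xmlns:j="jelly:core" xmlns:l="/lib/layout">
  <l:layout title="Pending requests" secured="true">
    <l:main-panel/>
  </l:layout>
</j:jelly>'''

AFTER = '''<j:jelly xmlns:j="jelly:core" xmlns:l="/lib/layout">
  <l:layout title="Pending requests" permission="${it.requiredPermission}">
    <l:main-panel/>
  </l:layout>
</j:jelly>'''


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit('}', 1)[-1]


def audit_view(name, jelly_source):
    """Return findings for elements that set secured= but no permission=."""
    try:
        root = ET.fromstring(jelly_source)
    except ET.ParseError as exc:
        # A view that cannot be parsed is reported, never silently passed.
        return [f"{name}: unparseable, review by hand ({exc})"]
    findings = []
    for elem in root.iter():
        secured = elem.get("secured")
        # An empty permission="" is treated the same as a missing one.
        permission = (elem.get("permission") or "").strip()
        if secured is not None and not permission:
            findings.append(
                f"{name}: <{local_name(elem.tag)}> has secured={secured!r} "
                "but no permission attribute"
            )
    return findings


if __name__ == "__main__":
    for view_name, source in (("before.jelly", BEFORE), ("after.jelly", AFTER)):
        for finding in audit_view(view_name, source) or [f"{view_name}: ok"]:
            print(finding)
```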