Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:embeddable-build-status | maven | < 2.0.4 | 2.0.4 |
The vulnerability stems from the two overloaded doText methods in PublicBuildStatusAction.java that serve status badge requests. In the pre-patch code the ViewStatus permission check ran only when throwErrorWhenNotFound was true, so a request in 'unprotected' mode (throwErrorWhenNotFound=false) reached the badge lookup without any authorization check, and a caller lacking ViewStatus could still obtain the status text. The patched version performs the permission check unconditionally and only afterwards consults throwErrorWhenNotFound to decide how a missing job is reported. The affected methods are visible in the commit diff and match the advisory's description of a missing authorization check.
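The control-flow shape of the bug and its fix, as an added example that is not the plugin's code: the Jenkins API is replaced by a hypothetical in-memory job store (JOBS), a hypothetical Caller type with a VIEW_STATUS permission, and hypothetical doTextVulnerable/doTextFixed methods that mirror the pre- and post-patch structure of the handler described above.

```java
import java.util.Map;
import java.util.Set;

// Added example, not the Embeddable Build Status plugin's code. Everything
// here (JOBS, Caller, Permission, the two doText* methods) is a hypothetical
// stand-in for the Jenkins objects the real handler uses.
public class BadgeAuthzExample {

    /** Hypothetical stand-in for the plugin's ViewStatus permission. */
    enum Permission { VIEW_STATUS }

    /** Hypothetical caller carrying the permissions granted to it. */
    record Caller(String name, Set<Permission> granted) {
        boolean has(Permission p) { return granted.contains(p); }
    }

    /** Hypothetical job store: job name -> latest build status text (constructed data). */
    static final Map<String, String> JOBS = Map.of("build-api", "passing", "deploy", "failing");

    static final class AccessDenied extends RuntimeException {
        AccessDenied(String who) { super(who); }
    }

    static final class NotFound extends RuntimeException {
        NotFound(String job) { super(job); }
    }

    /**
     * Pre-patch shape: the permission check sits inside the
     * throwErrorWhenNotFound branch, so 'unprotected' mode (flag=false)
     * returns the status without ever authorizing the caller.
     */
    static String doTextVulnerable(Caller caller, String job, boolean throwErrorWhenNotFound) {
        String status = JOBS.get(job);
        if (throwErrorWhenNotFound) {
            if (!caller.has(Permission.VIEW_STATUS)) throw new AccessDenied(caller.name());
            if (status == null) throw new NotFound(job);
        }
        // Falls through here in unprotected mode with no authorization at all.
        return status == null ? "not found" : status;
    }

    /**
     * Post-patch shape: authorize first, unconditionally. The flag then only
     * decides whether a missing job is an error or a fallback badge.
     */
    static String doTextFixed(Caller caller, String job, boolean throwErrorWhenNotFound) {
        if (!caller.has(Permission.VIEW_STATUS)) throw new AccessDenied(caller.name());
        String status = JOBS.get(job);
        if (status == null) {
            if (throwErrorWhenNotFound) throw new NotFound(job);
            return "not found";
        }
        return status;
    }

    public static void main(String[] args) {
        Caller anonymous = new Caller("anonymous", Set.of());
        Caller viewer = new Caller("viewer", Set.of(Permission.VIEW_STATUS));

        // Vulnerable handler: anonymous reads the badge through unprotected mode,
        // but is denied as soon as the flag is true.
        System.out.println("vulnerable, flag=false: " + doTextVulnerable(anonymous, "deploy", false));
        try {
            doTextVulnerable(anonymous, "deploy", true);
        } catch (AccessDenied e) {
            System.out.println("vulnerable, flag=true: denied " + e.getMessage());
        }

        // Fixed handler: anonymous is denied in both modes; an authorized
        // viewer still gets the badge, and the flag only affects missing jobs.
        for (boolean flag : new boolean[] {false, true}) {
            try {
                doTextFixed(anonymous, "deploy", flag);
            } catch (AccessDenied e) {
                System.out.println("fixed, flag=" + flag + ": denied " + e.getMessage());
            }
        }
        System.out.println("fixed, viewer: " + doTextFixed(viewer, "deploy", false));
        System.out.println("fixed, viewer, missing job: " + doTextFixed(viewer, "no-such-job", false));
    }
}
```

The point to carry over when reviewing similar handlers: an authorization check must not share an if-block with an unrelated behavioural flag, because every path that skips the flag's branch also skips the check. Placing the check first, before any lookup, makes the bypass structurally impossible.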