CVSS Score
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator | maven | <= 1.2.1 | |
The advisory explicitly states that multiple HTTP endpoints/views lack both authorization checks and CSRF protection. In Jenkins plugins, job-manipulation endpoints are typically implemented as do[Action] methods on Action classes, which Stapler binds to URLs automatically. The combination of 1) no permission verification (such methods should require Job/Configure or a similar permission) and 2) acceptance of GET requests (instead of requiring POST, which is what makes Jenkins' crumb-based CSRF check apply) matches the described vulnerability pattern. Methods of this shape would be the entry points for the job disable/enable operations.
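The following is an added illustration of that pattern, not code from the plugin: a hypothetical job-level Action (class name and method names are invented for the example) with an unprotected disable endpoint beside the hardened form that checks Job/Configure and requires POST.

```java
import hudson.model.AbstractProject;
import hudson.model.Action;
import hudson.model.Item;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;

/**
 * Hypothetical job-level action (not the plugin's own class) contrasting an
 * unsafe and a hardened job-disable endpoint. Stapler exposes each doXxx()
 * method under <job-url>/example-toggle/xxx.
 */
public class ExampleJobToggleAction implements Action {
    private final AbstractProject<?, ?> job;

    public ExampleJobToggleAction(AbstractProject<?, ?> job) {
        this.job = job;
    }

    /* Unsafe pattern: no permission check and no @RequirePOST. Any caller who
     * can reach the URL can disable the job, and because GET is accepted the
     * request is never subject to Jenkins' crumb (CSRF) check. */
    public HttpResponse doDisableUnsafe() throws IOException {
        job.makeDisabled(true);
        return HttpResponses.forwardToPreviousPage();
    }

    /* Hardened pattern: checkPermission() throws AccessDeniedException for
     * callers without Job/Configure on this job, and @RequirePOST makes Stapler
     * reject GET with 405, so a valid POST (with crumb) is the only way in. */
    @RequirePOST
    public HttpResponse doDisable() throws IOException {
        job.checkPermission(Item.CONFIGURE);
        job.makeDisabled(true);
        return HttpResponses.forwardToPreviousPage();
    }

    @Override public String getIconFileName() { return null; } // no sidebar entry
    @Override public String getDisplayName() { return "Example job toggle"; }
    @Override public String getUrlName() { return "example-toggle"; }
}
```

When reviewing a plugin for this class of issue, every doXxx() method that changes state should show both a checkPermission() call and a @RequirePOST annotation; either one missing reproduces the advisory's pattern.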