CVSS Score
-

The commit diff shows permission checks (Jenkins.ADMINISTER) added to the LuceneManager methods that handle critical operations. These HTTP endpoints previously had no authorization validation, which matches the vulnerability description: users with only Overall/Read permission could perform administrative actions. The affected methods correspond directly to the described attack vectors: reindexing and information disclosure.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:lucene-search | maven | <= 370.v62a5f618cd3a | 387.v938a |
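
The pattern the patch analysis describes, as an added illustration that is not the plugin's code: a Stapler web method with no authorization check next to the same method guarded by `Jenkins.ADMINISTER`. The class name `SearchIndexManager` and the methods `doRebuildUnchecked`, `doRebuild` and `startReindex` are hypothetical, and the class is assumed to be compiled inside a Jenkins plugin project against Jenkins core.

```java
// Added example. SearchIndexManager and its method names are hypothetical;
// only the Jenkins/Stapler API calls are real.
import java.util.concurrent.atomic.AtomicBoolean;

import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;

public class SearchIndexManager {

    // Stand-in for the expensive administrative operation (a full reindex).
    private final AtomicBoolean reindexRequested = new AtomicBoolean(false);

    private void startReindex() {
        reindexRequested.set(true);
    }

    /**
     * BEFORE the fix: Stapler exposes every public do* method as an HTTP
     * endpoint. Nothing here checks who is calling, so any user who can
     * reach the object (Overall/Read is enough) can trigger the operation.
     */
    public HttpResponse doRebuildUnchecked() {
        startReindex();
        return HttpResponses.ok();
    }

    /**
     * AFTER the fix: the first statement is an explicit permission check.
     * checkPermission throws AccessDeniedException when the current user
     * lacks Overall/Administer, and Jenkins answers the request with
     * HTTP 403 before any administrative work starts.
     */
    public HttpResponse doRebuild() {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        startReindex();
        return HttpResponses.ok();
    }

    /** Read-only accessor for tests; it performs no administrative action. */
    public boolean isReindexRequested() {
        return reindexRequested.get();
    }
}
```

When reviewing a plugin for this class of bug, every public `do*` method needs its own check as the first statement, including those that only return data, because each one is separately routable.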