| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:azure-credentials | maven | <= 253.v887e0f9e898b | 254.v64da_8176c83a |

The vulnerability stemmed from form validation endpoints that:

1. Lacked `@POST` method restrictions (allowing CSRF via GET).
2. Had insufficient permission checks (accepting Overall/Read instead of requiring Administer).

The commit added `@POST` annotations, `AncestorInPath` parameters, and explicit permission checks (ADMINISTER/CONFIGURE). The vulnerable versions contained these methods without those protections, as the pre-patch code shows.
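
A heuristic source audit for the two gaps described above, written as an added example; it is not code from the plugin or from the advisory. The Java input, its method names and the `connect` helper are constructed for illustration, and the scan is text-based, so braces inside string literals or comments are not handled.

```python
import re

# Constructed Java input: a hypothetical descriptor, not the plugin's real source.
SAMPLE = '''
public class DescriptorImpl {
    public FormValidation doVerifyBefore(@QueryParameter String clientId) {
        return FormValidation.ok(connect(clientId));
    }

    @POST
    public FormValidation doVerifyAfter(@AncestorInPath Item owner,
                                        @QueryParameter String clientId) {
        if (owner == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            owner.checkPermission(Item.CONFIGURE);
        }
        return FormValidation.ok(connect(clientId));
    }
}
'''

# Leading annotations (group 1) and name (group 2) of each FormValidation do* method.
METHOD = re.compile(
    r'((?:\s*@\w+(?:\([^)]*\))?)*)\s*public\s+FormValidation\s+(do\w+)\s*\(')
STRONG_CHECK = re.compile(r'checkPermission\([^)]*\b(?:ADMINISTER|CONFIGURE)\b')

def body_of(src, start):
    """Return the brace-balanced method body that opens after offset start."""
    begin = src.index('{', start)
    depth = 0
    for pos in range(begin, len(src)):
        depth += {'{': 1, '}': -1}.get(src[pos], 0)
        if depth == 0:
            return src[begin:pos + 1]
    return src[begin:]

def audit(src):
    """Map each flagged method name to the protections it is missing."""
    findings = {}
    for m in METHOD.finditer(src):
        missing = []
        if not re.search(r'@(?:POST|RequirePOST)\b', m.group(1)):
            missing.append('@POST')
        if not STRONG_CHECK.search(body_of(src, m.end())):
            missing.append('ADMINISTER/CONFIGURE check')
        if missing:
            findings[m.group(2)] = missing
    return findings
```

Calling `audit(SAMPLE)` flags only the pre-patch shape; a method that has `@POST` but checks a weaker permission is still reported for the missing ADMINISTER/CONFIGURE check.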