CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.plugins:miniorange-saml-sp | maven | < 2.0.1 | 2.0.1 |
The vulnerability description states that the plugin exposed an HTTP endpoint that (1) performed no permission check and (2) did not require POST, so a plain GET, including one triggered cross-site from another origin, reached it. Because the patch removed the endpoint entirely rather than adding controls to it, we infer that the removed method was the one handling these requests. In Jenkins, Stapler routes web requests to public `doXxx` methods (or to methods annotated with `@WebMethod`); the standard controls are an explicit permission check such as `Jenkins.get().checkPermission(...)` and `@RequirePOST` on state-changing actions, and the description indicates that both were absent. The email-sending behaviour together with the CSRF vector points to a test-email method in the SAML configuration class.
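To make the two missing controls concrete, the following is an added illustration written for this page; it is not the miniorange-saml-sp plugin's own code, and the class name `SamlPluginConfig`, the method name `doSendTestMail` and the `recipient` parameter are assumptions (the page does not name the removed method). It shows the vulnerable shape of a Stapler endpoint next to the hardened shape that adds `@RequirePOST` and an explicit permission check.

```java
// Added illustration, not code from the miniorange-saml-sp plugin.
// SamlPluginConfig, doSendTestMail and the recipient parameter are hypothetical names.
package example;

import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
public class SamlPluginConfig extends GlobalConfiguration {

    // VULNERABLE SHAPE: Stapler exposes every public do* method of a
    // GlobalConfiguration at /descriptorByName/<fully.qualified.Class>/sendTestMail.
    // Nothing restricts the method to POST and nothing checks a permission, so any
    // user with Overall/Read, or a cross-site <img src="..."> loaded in an
    // administrator's browser, can make the server send mail with a single GET.
    public FormValidation doSendTestMail(@QueryParameter String recipient) {
        sendMail(recipient);
        return FormValidation.ok("Test mail sent to " + recipient);
    }

    // HARDENED SHAPE: @RequirePOST makes Stapler reject GET requests, which also
    // defeats the simple cross-site vector because POSTs must carry the Jenkins
    // crumb; checkPermission throws AccessDeniedException for any caller who does
    // not hold Overall/Administer, so the request is refused before any mail is sent.
    @RequirePOST
    public FormValidation doSendTestMailSecured(@QueryParameter String recipient) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        sendMail(recipient);
        return FormValidation.ok("Test mail sent to " + recipient);
    }

    // Stand-in for the plugin's real mail delivery; it validates the recipient and
    // records the attempt so the endpoint's behaviour is visible without an SMTP server.
    private void sendMail(String recipient) {
        if (recipient == null || !recipient.contains("@")) {
            throw new IllegalArgumentException("recipient must be an e-mail address");
        }
        java.util.logging.Logger.getLogger(SamlPluginConfig.class.getName())
                .info("sending SAML test mail to " + recipient);
    }
}
```

The hardened method is the form Jenkins plugin authors are expected to use for any endpoint with side effects; the plugin's actual fix went further and deleted the endpoint, which removes the attack surface rather than guarding it. A practitioner checking an installed version can confirm the fix by issuing a GET to the plugin's `descriptorByName` URL and expecting a 404 rather than a 200 or 405.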