| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:teamconcert | maven | < 2.4.2 | 2.4.2 |

The vulnerability stems from missing permission checks in form validation methods. The commit diff shows that ADMINISTER permission checks were added to the `validateBuildToolkit()` and `validatePasswordFile()` methods in version 2.4.2. These methods handle file path validation and, prior to the patch, would have been accessible to users with only Overall/Read permission, enabling unauthorized file existence checks.
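
To review other plugin code for the same pattern, the following added example (not code from the plugin or from this advisory) is a heuristic Python audit that flags Java methods returning `FormValidation` whose body never calls `checkPermission` or `hasPermission`. The Java sample and its method names are constructed for illustration, and the brace matching is naive: it ignores braces inside strings and comments.

```python
import re

# Constructed sample, NOT the plugin's real source: two file-path validators,
# only the second checks a permission before touching the file system.
SAMPLE_JAVA = '''
public class ExampleDescriptor {
    public FormValidation doCheckToolkitDir(@QueryParameter String value) {
        return new File(value).exists() ? FormValidation.ok()
                                        : FormValidation.error("Not found");
    }
    public FormValidation doCheckSecretFile(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return new File(value).exists() ? FormValidation.ok()
                                        : FormValidation.error("Not found");
    }
}
'''

# Declarations of methods whose return type is FormValidation.
METHOD_RE = re.compile(r'\bFormValidation\s+(\w+)\s*\(')
# Calls that gate the method on a Jenkins permission.
GUARD_RE = re.compile(r'\b(checkPermission|hasPermission)\s*\(')

def _matched(src, start, open_ch, close_ch):
    """Index just past the delimiter closing the one at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == open_ch:
            depth += 1
        elif src[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i + 1
    return len(src)

def unguarded_validators(src):
    """Names of FormValidation methods with no permission check in the body."""
    findings = []
    for m in METHOD_RE.finditer(src):
        params_end = _matched(src, m.end() - 1, '(', ')')
        brace, semi = src.find('{', params_end), src.find(';', params_end)
        if brace == -1 or (semi != -1 and semi < brace):
            continue  # abstract or interface declaration: no body to inspect
        body = src[brace:_matched(src, brace, '{', '}')]
        if not GUARD_RE.search(body):
            findings.append(m.group(1))
    return findings

if __name__ == "__main__":
    for name in unguarded_validators(SAMPLE_JAVA):
        print(f"review: {name}() returns FormValidation with no permission check")
```

A hit is a prompt for manual review rather than a confirmed finding, since a check may live in a helper the method calls.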