| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.mabl.integration.jenkins:mabl-integration | maven | < 0.0.47 | 0.0.47 |

The vulnerability stems from missing permission checks in HTTP endpoints handling credential operations. The commit `4e21f49` shows added permission checks (`Item.CONFIGURE`) in validation logic and credential dropdown population. These functions correspond to the described attack vectors: credential ID enumeration (CVE-2023-37950) and unauthorized credential usage (CVE-2023-37953). The validator class changes directly address the missing authorization, while the descriptor methods handle credential exposure.
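
The pattern described above, as an added example that is not the mabl plugin's code: a credential dropdown and a credential validator that both gate on `Item.CONFIGURE` before touching the credential store. The class name, the `credentialsId` field and the `mayConfigure` helper are hypothetical; the code assumes Jenkins core and the Credentials plugin on the classpath and uses their acegi-based `ACL.SYSTEM` overloads.

```java
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.util.Collections;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

// Hypothetical class; in a plugin these methods sit on the build step's Descriptor.
public class ExampleCredentialEndpoints {

    // True only for callers allowed to configure the job (or admins outside a job).
    private static boolean mayConfigure(Item item) {
        return item == null
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : item.hasPermission(Item.CONFIGURE);
    }

    // Dropdown population: without the check, every matching ID is listed to any caller.
    @POST
    public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
                                                 @QueryParameter String credentialsId) {
        StandardListBoxModel model = new StandardListBoxModel();
        if (!mayConfigure(item)) {
            return model.includeCurrentValue(credentialsId); // echo only, no enumeration
        }
        return model.includeEmptyValue()
                .includeMatchingAs(ACL.SYSTEM, item, StandardCredentials.class,
                        Collections.emptyList(), CredentialsMatchers.always())
                .includeCurrentValue(credentialsId);
    }

    // Validation: without the check, the ok/error answer confirms whether an ID exists.
    @POST
    public FormValidation doCheckCredentialsId(@AncestorInPath Item item,
                                               @QueryParameter String value) {
        if (!mayConfigure(item)) {
            return FormValidation.ok(); // same answer for every ID
        }
        boolean found = !CredentialsProvider.listCredentials(StandardCredentials.class, item,
                ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.withId(value)).isEmpty();
        return found ? FormValidation.ok() : FormValidation.error("Credentials not found");
    }
}
```

When reviewing other plugins for the same class of bug, every `doFill*Items` and `doCheck*` method that reads from the credential store should have an equivalent guard as its first statement.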