| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:matlab | maven | < 2.11.1 | 2.11.1 |
The vulnerability manifests in two core components: 1) HTTP endpoints handling form validation without security controls, and 2) XML parsing without XXE protections. Jenkins plugin patterns indicate form validation is typically handled by doCheck methods in DescriptorImpl classes. The advisory explicitly mentions missing permission checks and CSRF protections in these endpoints. For XXE, the XML parsing function that checks MATLAB installations would be the logical location for insecure DocumentBuilderFactory usage, as this is the primary XML processing described in the vulnerability description. Both locations are directly mentioned in the advisory as root causes for different aspects of the vulnerability (CWE-611 for XXE, and CSRF/missing auth checks for the endpoints).
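The two root causes named above (an unprotected doCheck endpoint and a default DocumentBuilderFactory) have well-known fixes on the Jenkins side. The following is an added example written for this page, not the MATLAB plugin's own code: a hypothetical build-step descriptor whose form-validation endpoint requires a POST with a CSRF crumb and a permission check, plus an XML parser configured to refuse DTDs and external entities before it reads any installation metadata. The class, method and element names (HardenedMatlabStep, doCheckMatlabRoot, matlabInstall) and the sample inputs are assumptions constructed for illustration.

```java
// Added example, not the MATLAB plugin's code: a hypothetical Jenkins build-step
// descriptor whose doCheck endpoint enforces POST and a permission check, and a
// DocumentBuilderFactory hardened against XXE before it touches any XML.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class HardenedMatlabStep extends Builder {

    /** Builds a parser that refuses DTDs, external entities and XInclude. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject any <!DOCTYPE ...>; this alone blocks entity-based XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parser implementations that ignore the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: no network or file access when resolving DTDs/schemas.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    /** Parses installation metadata (hypothetical format) and returns the root element name. */
    static String rootElementName(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        Document doc = hardenedBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getDocumentElement().getTagName();
    }

    /** True when the hardened parser refuses the document (for example, it carries a DOCTYPE). */
    static boolean isRejected(String xml) {
        try {
            rootElementName(xml);
            return false;
        } catch (SAXException e) {
            return true; // disallow-doctype-decl surfaces as a SAXParseException
        } catch (ParserConfigurationException | IOException e) {
            return true;
        }
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        /**
         * Form-validation endpoint. @POST makes Stapler demand a POST carrying a valid
         * CSRF crumb, and checkPermission stops unauthenticated or low-privilege
         * callers from reaching the filesystem/XML code at all.
         */
        @POST
        public FormValidation doCheckMatlabRoot(@QueryParameter String value) {
            // Pick the narrowest permission that fits the endpoint's purpose.
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            if (value == null || value.trim().isEmpty()) {
                return FormValidation.error("MATLAB root must not be empty");
            }
            // Any later lookup of installation metadata goes through hardenedBuilder().
            return FormValidation.ok();
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Hardened MATLAB step (example)";
        }
    }

    // Constructed sample inputs for a local check of the parser behaviour.
    static final String PLAIN = "<matlabInstall><version>R2023b</version></matlabInstall>";
    static final String WITH_DOCTYPE =
            "<!DOCTYPE x [<!ENTITY e \"x\">]><matlabInstall>&e;</matlabInstall>";

    public static void main(String[] args) throws Exception {
        System.out.println(rootElementName(PLAIN));
        System.out.println(isRejected(WITH_DOCTYPE));
    }
}
```

The permission check runs before any argument is inspected, so the endpoint cannot be used as an unauthenticated probe of the controller's filesystem, and `@POST` removes the GET path that CSRF relies on. For the XML side, `disallow-doctype-decl` is the single most effective setting; the remaining features cover parser implementations that honour only some of them. Jenkins core also ships `jenkins.util.xml.XMLUtils`, whose parse helpers apply equivalent restrictions, which is the simpler route inside a plugin.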