| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.rapid7:jenkinsci-appspider-plugin | maven | < 1.0.17 | 1.0.17 |

The vulnerability stems from missing Item/Configure permission checks in HTTP endpoints that populate UI dropdowns. The GitHub patch adds `item.hasPermission(Item.CONFIGURE)` checks to these methods in PostBuildScan's DescriptorImp class. Prior to 1.0.17, these methods allowed enumeration of sensitive configuration data to users with only Overall/Read access, as evidenced by the addition of permission checks in the commit diff for these specific functions.
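
The pattern described above, as an added example that is not the plugin's code: a Jenkins descriptor with one dropdown-fill endpoint lacking the check and one guarded by `item.hasPermission(Item.CONFIGURE)`. The class, the field names (`unchecked`, `checked`), the `loadConfigNames()` helper and the choice to return an empty list when `item` is null are assumptions made for illustration.

```java
// Added illustration only: class, field and helper names are hypothetical.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Publisher;
import hudson.tasks.Recorder;
import hudson.util.ListBoxModel;
import java.util.List;
import org.kohsuke.stapler.AncestorInPath;

public class ExampleScanStep extends Recorder {
    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {
        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        // Stand-in for a lookup of stored scan configuration names (constructed values).
        private List<String> loadConfigNames() {
            return List.of("constructed-config-a", "constructed-config-b");
        }

        // Unchecked shape: every caller who can reach the endpoint gets the full list.
        public ListBoxModel doFillUncheckedItems() {
            ListBoxModel model = new ListBoxModel();
            for (String name : loadConfigNames()) {
                model.add(name);
            }
            return model;
        }

        // Checked shape: values are returned only to users who may configure the job.
        public ListBoxModel doFillCheckedItems(@AncestorInPath Item item) {
            ListBoxModel model = new ListBoxModel();
            if (item == null || !item.hasPermission(Item.CONFIGURE)) {
                return model; // empty dropdown rather than the stored values
            }
            for (String name : loadConfigNames()) {
                model.add(name);
            }
            return model;
        }
    }
}
```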