Basic Information
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:svn-partial-release-mgr | maven | <= 1.0.1 | - |
The advisory explicitly describes two vulnerabilities in the same HTTP endpoint: (1) a missing permission check (CVE-2024-28159), which allows users with Item/Read permission to trigger builds, and (2) a cross-site request forgery (CSRF) vulnerability (CVE-2024-28158), because the endpoint accepts GET requests. In the Jenkins plugin architecture, HTTP endpoints that trigger builds are typically implemented as methods named like doBuildTrigger in Action classes. A handler that lacks both the @RequirePOST annotation and a permission check would be vulnerable in exactly this way. Exact implementation details are not available, but this pattern matches Jenkins' recurring CSRF and missing-permission-check weaknesses and fits the described attack vector.