-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:git-server | maven | < 117.veb | 117.veb |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing permission checks in SSH Git operations. The primary vulnerable function would be the SSH command handler (SshCommandFactory.createCommand) that processes incoming requests without security validation. The Repository.serveCommand is included as it's the likely execution point for Git operations that required added permission checks. These conclusions are based on Jenkins plugin architecture patterns and the advisory's description of the security fix adding permission requirements at the SSH access layer.
Ongoing coverage of React2Shell