CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:oic-auth | maven | < 4.355.v3a | 4.355.v3a |
The vulnerability stems from missing validation of the audience (`aud`) claim on the OIDC ID token. Before the fix, the plugin accepted an ID token without checking that the token was issued for Jenkins' own OIDC client, so an ID token from the same identity provider issued for a different client (a different relying party) could be presented to Jenkins. The advisory states only that the patch added `aud` validation to the authentication flow; it does not name the affected method. The suggestion that the check lives in OicUserInfo.verify() is an inference from typical plugin structure and OIDC implementation patterns, not something the advisory confirms, and should be verified against the plugin source and against stack traces observed during token processing.
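To make the missing check concrete, the following is an added example written for this page, not code from the oic-auth plugin. It shows a pre-fix style validator that checks issuer and expiry but never looks at `aud`, beside a validator that applies the audience rules from OIDC Core section 3.1.3.7 (aud may be a string or an array, the client ID must be among the audiences, and with several audiences the `azp` claim must be present and equal the client ID). Function names, the claim dicts and the issuer/client identifiers are constructed for illustration; signature verification is assumed to have already happened before these claim checks.

```python
"""Audience (aud) validation for an OIDC ID token: the vulnerable check beside
the hardened one. Example code for this page, not the oic-auth plugin's code.
Claims are passed as already-decoded, signature-verified dicts."""
import time

# Constructed identifiers for the example (not real deployments).
ISSUER = "https://idp.example.test"
JENKINS_CLIENT = "jenkins-ci"      # the client_id Jenkins registered with the IdP
OTHER_CLIENT = "wiki-app"          # another relying party at the same IdP
NOW = 1_700_000_000                # fixed clock so the example is deterministic

# Constructed ID token payloads.
GOOD_TOKEN = {"iss": ISSUER, "sub": "alice", "aud": JENKINS_CLIENT,
              "exp": NOW + 300, "iat": NOW}
# Issued by the same IdP, but for a different client: must be rejected.
CROSS_CLIENT_TOKEN = {"iss": ISSUER, "sub": "alice", "aud": OTHER_CLIENT,
                      "exp": NOW + 300, "iat": NOW}
# Multiple audiences with azp naming Jenkins: acceptable.
MULTI_AUD_TOKEN = {"iss": ISSUER, "sub": "alice",
                   "aud": [OTHER_CLIENT, JENKINS_CLIENT], "azp": JENKINS_CLIENT,
                   "exp": NOW + 300, "iat": NOW}
# Multiple audiences but no azp: ambiguous, rejected by the hardened check.
MULTI_AUD_NO_AZP_TOKEN = {"iss": ISSUER, "sub": "alice",
                          "aud": [OTHER_CLIENT, JENKINS_CLIENT],
                          "exp": NOW + 300, "iat": NOW}


class IdTokenError(Exception):
    """Raised when an ID token fails validation."""


def _check_issuer_and_expiry(claims, expected_issuer, now):
    if claims.get("iss") != expected_issuer:
        raise IdTokenError("issuer mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise IdTokenError("token expired or exp missing")


def verify_id_token_vulnerable(claims, expected_issuer, now=None):
    """Pre-fix behaviour as the advisory describes it: issuer and expiry are
    checked, but the aud claim is never inspected, so any valid token from the
    IdP is accepted regardless of which client it was issued for."""
    now = time.time() if now is None else now
    _check_issuer_and_expiry(claims, expected_issuer, now)
    return claims["sub"]


def verify_id_token(claims, expected_issuer, client_id, now=None):
    """Hardened check: issuer, expiry, and the audience rules of OIDC Core
    3.1.3.7 (aud contains client_id; with several audiences azp is required;
    if azp is present it must equal client_id)."""
    now = time.time() if now is None else now
    _check_issuer_and_expiry(claims, expected_issuer, now)

    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        audiences = aud
    else:
        raise IdTokenError("aud claim missing or malformed")

    if client_id not in audiences:
        raise IdTokenError("token not issued for this client")
    if len(audiences) > 1 and "azp" not in claims:
        raise IdTokenError("multiple audiences without azp")
    if "azp" in claims and claims["azp"] != client_id:
        raise IdTokenError("azp does not name this client")
    return claims["sub"]


def outcome(verifier, *args, **kwargs):
    """Run a verifier and summarise the result as a string, for comparison."""
    try:
        return "accepted:" + verifier(*args, **kwargs)
    except IdTokenError as e:
        return "rejected:" + str(e)


if __name__ == "__main__":
    print("vulnerable, cross-client:",
          outcome(verify_id_token_vulnerable, CROSS_CLIENT_TOKEN, ISSUER, now=NOW))
    print("hardened, cross-client:",
          outcome(verify_id_token, CROSS_CLIENT_TOKEN, ISSUER, JENKINS_CLIENT, now=NOW))
```

The cross-client case is the one the advisory's fix addresses: the vulnerable verifier returns `alice` for a token whose `aud` is `wiki-app`, while the hardened verifier rejects it. The multi-audience branch is stricter than the specification's "SHOULD" for `azp`; treating its absence as a failure is the conservative choice for a CI server.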