-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 2.500, < 2.504 | 2.504 |
| org.jenkins-ci.main:jenkins-core | maven | < 2.492.3 | 2.492.3 |
Miggo AIRoot Cause AnalysisThe security patch adds a Computer.CONFIGURE permission check in ComputerSet.doCreateItem() that was previously missing. The vulnerable versions allowed agent copying through this endpoint without verifying Configure permission. The method signature is clearly visible in the patch diff modifying the agent copy logic, with the added code throwing AccessDeniedException when unauthorized. This matches the CVE description about missing authorization for secret access during agent copy operations.
JavaJavaOngoing coverage of React2Shell