| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.533, < 1.551 | 1.551 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.532.2 | 1.532.2 |
The commit diff shows the vulnerability was patched by adding `Jenkins.getInstance().getMarkupFormatter().translate(note)` to sanitize the input. The original code path in `getShortDescription()` directly interpolated the user-controlled `note` parameter into HTML messages without escaping. This matches the CVE description of XSS via remote cause notes and the security advisory's mention of SECURITY-74 being a stored XSS vulnerability.
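
The difference between the two code paths described above, as an added Java example that is neither Jenkins source nor taken from the commit. The class and method names, the message wording and the `escapeHtml` helper (a stand-in for a markup formatter that escapes everything) are assumptions, and the address and note are constructed sample values.

```java
public class RemoteCauseNoteDemo {

    // Hypothetical stand-in for a markup formatter's translate(): escapes every
    // character that is significant in HTML text or attribute context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // "Before" shape: the note is interpolated into the HTML message as-is,
    // so any markup it contains is stored and later rendered by the browser.
    static String shortDescriptionUnescaped(String addr, String note) {
        if (note != null) {
            return "Started by remote host " + addr + " with note: " + note;
        }
        return "Started by remote host " + addr;
    }

    // "After" shape: the note passes through the formatter before interpolation.
    static String shortDescriptionEscaped(String addr, String note) {
        if (note != null) {
            return "Started by remote host " + addr + " with note: " + escapeHtml(note);
        }
        return "Started by remote host " + addr;
    }

    public static void main(String[] args) {
        String addr = "192.0.2.10";                        // constructed (TEST-NET-1)
        String note = "nightly <script>alert(1)</script>"; // constructed note value

        System.out.println(shortDescriptionUnescaped(addr, note));
        System.out.println(shortDescriptionEscaped(addr, note));
        // The null-note branch never touches user input.
        System.out.println(shortDescriptionEscaped(addr, null));
    }
}
```

The first line printed still contains a live `<script>` element; in the second the same note appears as inert text (`&lt;script&gt;...`).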