| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.660, < 2.3 | 2.3 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.651.2 | 1.651.2 |

The vulnerability stems from improper filtering of build parameters passed to the build environment. The `ParametersAction` class handles parameter injection, and its `contributeTo()` method adds parameters directly to the build environment. The security advisory references the introduction of the `hudson.model.ParametersAction.keepUndefinedParameters` and `hudson.model.ParametersAction.safeParameters` system properties to control this behavior, which indicates that this was the core mechanism allowing parameter injection. The method's role in propagating environment variables, together with the explicit security controls added around it, confirms that it is the vulnerable code path.
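
A simplified model of the filtering those two system properties control, added here as an illustration and not taken from Jenkins source. The function names, job parameter names and sample values are constructed; the model assumes the patched behaviour, where only parameters declared on the job or listed in `safeParameters` reach the environment unless `keepUndefinedParameters` is `true`.

```python
# Added illustration: a simplified model, not Jenkins source code.
PROP_KEEP = "hudson.model.ParametersAction.keepUndefinedParameters"
PROP_SAFE = "hudson.model.ParametersAction.safeParameters"


def filter_parameters(submitted, defined, system_properties):
    """Split submitted build parameters into (kept, dropped).

    submitted: dict of name -> value sent with the build request
    defined: names declared in the job's parameter definitions
    system_properties: dict modelling the JVM system properties
    """
    # keepUndefinedParameters=true restores the unfiltered behaviour.
    keep_all = system_properties.get(PROP_KEEP, "").strip().lower() == "true"
    # safeParameters is a comma-separated list of extra names to let through.
    safe = {
        name.strip()
        for name in system_properties.get(PROP_SAFE, "").split(",")
        if name.strip()
    }
    allowed = set(defined) | safe
    kept, dropped = {}, {}
    for name, value in submitted.items():
        if keep_all or name in allowed:
            kept[name] = value
        else:
            dropped[name] = value
    return kept, dropped


def build_environment(base_env, submitted, defined, system_properties):
    """Return the environment a build would see under this model."""
    kept, _ = filter_parameters(submitted, defined, system_properties)
    env = dict(base_env)
    env.update(kept)  # only filtered parameters are propagated
    return env


# Constructed sample data: one declared parameter, two undeclared ones.
DEFINED = ["BRANCH"]
SUBMITTED = {"BRANCH": "main", "DEPLOY_TARGET": "staging", "EXTRA_FLAG": "1"}
```

Running `filter_parameters` over the parameters your jobs actually receive shows which ones would need to be declared on the job or added to `safeParameters` after upgrading.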