The vulnerability stems from unescaped autocompletion suggestions in Jenkins' YUI AutoComplete implementation. The patch explicitly adds `ac.formatResult = ac.formatEscapedResult` to enforce escaping, indicating that the absence of this line in vulnerable versions was the root cause. The file hudson-behavior.js contains the client-side autocomplete configuration, and YUI AutoComplete's default formatResult() method renders HTML literally unless overridden with the escaped variant.
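As an added example (not code from the Jenkins patch or from YUI), the following constructed model mirrors the two formatter behaviours the description contrasts: a default formatter that returns the suggestion verbatim, so markup in a suggestion becomes live HTML once the string is placed into the DOM, and the escaping variant that neutralises it, with the fix applied in the same shape as the patch line. The names `escapeHtml`, `makeAutoComplete`, `renderSuggestions`, `harden` and `demo` are assumptions for this model; only `formatResult` and `formatEscapedResult` correspond to names on the page.

```javascript
// Constructed model of the formatter behaviours described above.
// It is NOT YUI or Jenkins code; names other than formatResult and
// formatEscapedResult are assumptions made for this example.

// Minimal HTML escaper: the essential work an escaping formatter does.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Stand-in for an AutoComplete widget holding the suggestion formatter
// whose output is written into the suggestion container as HTML.
function makeAutoComplete() {
  return {
    // Default behaviour: the match is returned unchanged, so any markup
    // contained in a suggestion is rendered literally as HTML.
    formatResult(resultData, query, resultMatch) {
      return resultMatch;
    },
    // Escaped variant: the match is HTML-escaped before rendering.
    formatEscapedResult(resultData, query, resultMatch) {
      return escapeHtml(resultMatch);
    },
  };
}

// Builds the markup the suggestion container would receive. Whichever
// function is installed as formatResult decides whether suggestion
// text can carry HTML into the page.
function renderSuggestions(ac, suggestions, query) {
  return suggestions
    .map((s) => `<li>${ac.formatResult(s, query, s)}</li>`)
    .join("");
}

// The same fix the patch applies: route all formatting through the
// escaping variant.
function harden(ac) {
  ac.formatResult = ac.formatEscapedResult;
  return ac;
}

// Constructed sample suggestions; the second carries markup, as data
// from a user-influenced autocomplete source might.
const SAMPLE = ["plain-job", "job-<b>name</b>"];

function demo() {
  const vulnerable = renderSuggestions(makeAutoComplete(), SAMPLE, "job");
  const hardened = renderSuggestions(harden(makeAutoComplete()), SAMPLE, "job");
  return { vulnerable, hardened };
}
```

Escaping in the formatter fixes the rendering path only; the suggestion source should still be treated as untrusted data wherever it is consumed.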
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | <= 2.73.2 | 2.73.3 |
| org.jenkins-ci.main:jenkins-core | maven | >= 2.74, <= 2.88 | 2.89 |