-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| se.diabol.jenkins.pipeline:delivery-pipeline-plugin | maven | <= 1.0.7 | 1.0.8 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper handling of the 'fullscreen' query parameter in JavaScript rendering. Jenkins plugins typically process HTTP requests via methods like doIndex in view classes. The DeliveryPipelineView's doIndex method would be responsible for rendering the vulnerable JavaScript content using unescaped parameters, as evidenced by the patch's boolean conversion fix. This function would appear in runtime profiles when processing malicious URLs exploiting this XSS.