The vulnerability stems from unescaped HTML output in Jelly templates like summary.jelly. The doSummary method handles rendering of this template through Jenkins' Stapler framework. User-controlled values like report names from getReportName() are injected into the template without proper escaping. The advisory explicitly mentions adding HTML escaping in the patch, confirming these are the entry points for malicious data.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:testlink | maven | <= 2.12 | 2.13 |
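
A triage check for the unescaped-output pattern described above, as an added example (not code from the plugin or the advisory). The sample templates are constructed, `it.reportName` stands in for the value returned by `getReportName()`, and `audit_jelly` is a hypothetical helper name.

```python
import re

# Constructed samples; these are NOT the plugin's real summary.jelly.
VULNERABLE = """<j:jelly xmlns:j="jelly:core">
  <h2>${it.reportName}</h2>
</j:jelly>"""

# Same template with Jenkins' escape-by-default processing instruction.
HARDENED = "<?jelly escape-by-default='true'?>\n" + VULNERABLE

# <j:out> writes its value raw, even when escape-by-default is on.
RAW_OUT = """<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core">
  <j:out value="${it.reportName}"/>
</j:jelly>"""

ESCAPE_PI = re.compile(r"<\?jelly\s+escape-by-default\s*=\s*['\"]true['\"]\s*\?>")
EXPR = re.compile(r"\$\{([^}]*)\}")
J_OUT = re.compile(r"<j:out\b[^>]*\bvalue\s*=\s*['\"]\$\{([^}]*)\}")


def audit_jelly(text):
    """Return (line_no, expression, reason) for each candidate raw-output site.

    Line-based heuristic for manual review: it does not parse XML, and it
    treats an explicit h.escape(...) wrapper as already escaped.
    """
    findings = []
    escaped_by_default = bool(ESCAPE_PI.search(text))
    for no, line in enumerate(text.splitlines(), 1):
        out = J_OUT.search(line)
        if out:
            expr = out.group(1).strip()
            if not expr.startswith("h.escape("):
                findings.append((no, expr, "j:out emits raw HTML"))
            continue
        if escaped_by_default:
            continue  # ${...} is HTML-escaped by the template engine
        for m in EXPR.finditer(line):
            expr = m.group(1).strip()
            if not expr.startswith("h.escape("):
                findings.append((no, expr, "no escape-by-default"))
    return findings


if __name__ == "__main__":
    for name, tpl in [("vulnerable", VULNERABLE), ("hardened", HARDENED), ("raw j:out", RAW_OUT)]:
        print(name, audit_jelly(tpl))
```

Expressions in control attributes such as `test="${...}"` are also reported in templates without the processing instruction, so treat the output as a review list rather than a verdict.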