CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | <= 2.138.1 | 2.138.2 |
| org.jenkins-ci.main:jenkins-core | maven | >= 2.140, <= 2.145 | 2.146 |
The vulnerability stems from improper input validation in the XML API handler (`Api.java`). The `wrapper` query parameter is echoed into the generated XML response as the name of the element that encloses the XPath result set, and vulnerable versions did not restrict which characters it may contain, so a crafted value can close the tag early and inject arbitrary markup into the response (a reflected XSS). The fix commit adds validation of the `wrapper` parameter against a regex that limits it to legal element-name characters. The security advisory explicitly names the `wrapper` parameter in `Api.java` as the attack vector, and the accompanying test class (`ApiSecurity1129Test`) verifies that invalid `wrapper` values trigger the new check rather than being reflected. Note that escaping the XML text content would not have helped here: the value is used inside the angle brackets as the tag name, not between them, so only a whitelist on the name itself closes the hole.
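As an added illustration (not Jenkins' own code and not part of the original advisory text), the following Python sketch models the `wrapper` handling described above: a vulnerable renderer that interpolates the caller-supplied value straight into the tag, beside a hardened one that rejects anything that is not a plain element name. The regex, the sample result nodes and the payload are assumptions constructed for this example; the exact pattern Jenkins ships is not reproduced on this page.

```python
import re
import xml.etree.ElementTree as ET

# Assumed approximation of the fix: restrict the wrapper value to characters
# legal in an XML element name. The real Jenkins pattern is not shown on this
# page; this one is illustrative only.
WRAPPER_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.\-]*$")

# Constructed sample: serialized nodes an XPath query might have matched.
SAMPLE_NODES = [
    "<job><name>build-1</name></job>",
    "<job><name>build-2</name></job>",
]

# Constructed payload: closes the wrapper tag early and injects markup.
PAYLOAD = "x><script>alert(1)</script><x"


def is_valid_wrapper(wrapper: str) -> bool:
    """Return True if wrapper is safe to use verbatim as an element name."""
    return bool(WRAPPER_NAME.match(wrapper))


def render_unvalidated(nodes, wrapper):
    """Vulnerable form: the caller-controlled wrapper becomes the tag name.

    Escaping text content would not help here, because the value lands
    inside the angle brackets of the tag, not between them.
    """
    return f"<{wrapper}>" + "".join(nodes) + f"</{wrapper}>"


def render_validated(nodes, wrapper):
    """Hardened form: refuse any wrapper that is not a plain element name."""
    if not is_valid_wrapper(wrapper):
        raise ValueError(f"illegal wrapper element name: {wrapper!r}")
    return render_unvalidated(nodes, wrapper)


def injected_markup(xml_text: str) -> bool:
    """Detect a <script> tag anywhere in the output. The output need not be
    well-formed XML for this to matter: a browser treating the response as
    HTML will happily render the broken document."""
    return "<script" in xml_text.lower()


def wrapper_and_children(xml_text: str):
    """Parse well-formed output and return (enclosing tag, child tag names)."""
    root = ET.fromstring(xml_text)
    return root.tag, [child.tag for child in root]


if __name__ == "__main__":
    vuln = render_unvalidated(SAMPLE_NODES, PAYLOAD)
    print("unvalidated output:", vuln)
    print("markup injected:", injected_markup(vuln))
    try:
        render_validated(SAMPLE_NODES, PAYLOAD)
    except ValueError as err:
        print("validated renderer rejected payload:", err)
    print("validated output:", wrapper_and_children(render_validated(SAMPLE_NODES, "jobs")))
```

Run stand-alone, the script shows the `<script>` element surviving into the unvalidated response while the validated renderer refuses the same value and still produces a normal `<jobs>` document for a benign name. The whitelist is deliberately conservative (a subset of legal XML Name characters); widening it to the full XML Name production is possible but every added character class is one more thing to reason about.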