CVSS Score
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins:configuration-as-code | maven | < 1.25 | 1.25 |
The vulnerability stemmed from insufficient secret detection in two places: (1) logging while a configuration is applied (setValue) and (2) configuration export (_getValue). The fixing commit introduced calculateIfSecret(), which inspects a type's fields, getters and constructors for indicators that an attribute holds a secret, and added isSecret() checks to both methods. The test cases (CredentialsTest, SSHCredentialsTest, MailExtTest) show that password fields of credentials implementations were previously exposed in logs and exports, because these methods only recognised a secret when the attribute's declared type was Secret.class itself and did not detect other ways a secret can be stored.
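An illustrative reduction of the detection the fix adds, written for this page and not taken from the plugin or the commit: `Secret`, `UsernamePasswordCredential`, `isSecret()` and `render()` are constructed stand-ins for hudson.util.Secret, a credentials implementation, calculateIfSecret()/isSecret() and the setValue/_getValue output paths. It assumes that an attribute counts as secret when it is held in a Secret-typed field, returned by a Secret-typed getter, or bound through a Secret-typed constructor parameter.

```java
import java.lang.reflect.*;

public class SecretAwareExport {
  // Stand-in for hudson.util.Secret, constructed for this example; toString() yields the plaintext,
  // which is what leaks when such a holder reaches a log line or an export unmasked.
  static final class Secret {
    private final String plain;
    Secret(String plain) { this.plain = plain; }
    @Override public String toString() { return plain; }
  }
  // Constructed credential type: the password is stored as a Secret, the username is not.
  static final class UsernamePasswordCredential {
    private final String username;
    private final Secret password;
    UsernamePasswordCredential(String username, Secret password) { this.username = username; this.password = password; }
    public String getUsername() { return username; }
    public Secret getPassword() { return password; }
  }
  // Hypothetical stand-in for calculateIfSecret(): look beyond the attribute's own declared type and
  // check the field, the matching getter and the constructor parameters for a Secret.
  static boolean isSecret(Class<?> type, String attribute) {
    for (Field f : type.getDeclaredFields()) {
      if (f.getName().equals(attribute) && Secret.class.isAssignableFrom(f.getType())) return true;
    }
    String getter = "get" + Character.toUpperCase(attribute.charAt(0)) + attribute.substring(1);
    for (Method m : type.getMethods()) {
      if (m.getName().equals(getter) && m.getParameterCount() == 0
          && Secret.class.isAssignableFrom(m.getReturnType())) return true;
    }
    for (Constructor<?> c : type.getDeclaredConstructors()) {
      for (Parameter p : c.getParameters()) { // parameter names are present only when compiled with -parameters
        if (p.isNamePresent() && p.getName().equals(attribute)
            && Secret.class.isAssignableFrom(p.getType())) return true;
      }
    }
    return false;
  }
  // What the logging (setValue) and export (_getValue) paths should emit for one attribute:
  // the value itself, or a mask when the attribute is detected as secret.
  static String render(Class<?> type, String attribute, Object value) {
    return isSecret(type, attribute) ? "****" : String.valueOf(value);
  }
  public static void main(String[] args) {
    UsernamePasswordCredential c = new UsernamePasswordCredential("deploy", new Secret("hunter2"));
    Class<?> t = UsernamePasswordCredential.class;
    System.out.println("username: " + render(t, "username", c.getUsername()));
    System.out.println("password: " + render(t, "password", c.getPassword()));
  }
}
```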