-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from unescaped display names being rendered in HTML. The patch adds StringEscapeUtils.escapeHtml() to the getName() method, confirming this was the injection point. The function directly handles user-controllable input (job display names) and outputs it to web pages without sanitization in vulnerable versions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:depgraph-view | maven | <= 0.13 | 0.14 |
JavaJavaOngoing coverage of React2Shell