| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins:configuration-as-code | maven | <= 1.24 | 1.25 |

The vulnerability stemmed from missing output escaping during configuration export. The commit diff shows:

1) The PrimitiveConfigurator.describe() method was modified to use SecretSourceResolver.encode() for escaping.
2) SecretSourceResolver was rewritten with new encoding logic.

These changes indicate that the original implementations lacked proper escaping of variable references during YAML serialization, making them the root cause of the improper output encoding.
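
The export and import round trip behind this finding, as an added example that is not the plugin's own code: a simplified model in which export writes a stored value to YAML and import resolves `${NAME}` references against a secret source. The class and method names, the `^${` escape marker, and the sample secret are assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Simplified model of the export/import round trip; not the plugin's code.
public class ExportEscapingDemo {
    // Assumed syntax: ${NAME} is a reference, a leading ^ marks it as literal text.
    private static final Pattern REF = Pattern.compile("(\\^?)\\$\\{([^}]+)\\}");

    // Import side: resolve ${NAME} from the secret source, keep ^${NAME} as literal ${NAME}.
    static String resolve(String value, Map<String, String> secrets) {
        Matcher m = REF.matcher(value);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String replacement = m.group(1).isEmpty()
                    ? secrets.getOrDefault(m.group(2), "")
                    : "${" + m.group(2) + "}";
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    // Export without escaping: the stored value is written verbatim.
    static String exportUnescaped(String stored) {
        return stored;
    }

    // Export with escaping: every reference opener is marked as literal.
    static String exportEscaped(String stored) {
        return stored.replace("${", "^${");
    }

    public static void main(String[] args) {
        // Constructed sample data: a secret source and a field typed literally by a user.
        Map<String, String> secrets = Map.of("ADMIN_PASSWORD", "s3cr3t-constructed");
        String stored = "Build notes: ${ADMIN_PASSWORD}";

        String weak = resolve(exportUnescaped(stored), secrets);
        String fixed = resolve(exportEscaped(stored), secrets);

        System.out.println("unescaped round trip: " + weak);
        System.out.println("escaped round trip:   " + fixed);
        if (!fixed.equals(stored)) throw new AssertionError("round trip changed the value");
    }
}
```

Without escaping, a value that was only ever literal text is reinterpreted as a variable reference when the exported YAML is loaded again; with escaping, the value survives the round trip unchanged.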