| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.ukiuni.callOtherJenkins:call-remote-job-plugin | maven | <= 1.0.21 | |

The vulnerability stems from passwords being stored unencrypted in `config.xml`. Jenkins plugins typically serialize their configuration data via XStream or a similar mechanism. The `RemoteJobTrigger` class (or equivalent) would contain password fields that are persisted without using Jenkins' `Secret` class or the credentials APIs. The `setPassword`/`getPassword` methods handle the credentials directly as plaintext, making them the root cause. The high confidence in this assessment comes from the plugin's behavior as described in advisories and from standard Jenkins plugin implementation patterns for credential handling.
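
An audit check for the storage pattern described above, as an added example that is not the plugin's own code: it walks a job `config.xml` and reports credential-like fields whose value is not in the brace-wrapped base64 form that Jenkins' `Secret` writes. The element names, the sample document and the name heuristic are constructed assumptions, since the page does not show the plugin's actual serialized field names.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins' Secret serializes encrypted values as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
# Heuristic for element names that usually hold credentials (assumption).
SENSITIVE = re.compile(r"password|passwd|passphrase|secret|token|apikey", re.I)
# Jenkins writes an XML 1.1 declaration, which Python's expat-based parser
# may reject, so the declaration is dropped before parsing.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample: element names and values are hypothetical.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <example.RemoteJobTrigger>
      <url>https://jenkins.example.invalid/job/deploy</url>
      <userName>builder</userName>
      <password>hunter2-constructed</password>
    </example.RemoteJobTrigger>
    <example.HardenedTrigger>
      <userName>builder</userName>
      <password>{AQAAABAAAAAQY29uc3RydWN0ZWQtc2FtcGxl}</password>
    </example.HardenedTrigger>
  </builders>
</project>
"""

def find_plaintext_secrets(config_xml):
    """Return the element paths of credential-like fields stored unencrypted."""
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        # Only leaf elements with a credential-like name and a value count.
        if len(node) == 0 and value and SENSITIVE.search(node.tag):
            if not ENCRYPTED.match(value):
                findings.append(here)
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings

if __name__ == "__main__":
    for path in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext credential field: {path}")
```

The match on the brace-wrapped form is a heuristic: it shows that a value has the shape `Secret` produces, not that it decrypts under the controller's key.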