CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:rundeck | maven | < 3.6.7 | 3.6.7 |
The vulnerability stemmed from insecure XML parsing in the webhook handler. The pre-patch code in WebHookListener.java used ParserHelper.loadDocument(), which did not disable DTD processing or external entity resolution. The fix introduced a secure ParserXML class with XXE protections (disallowDoctypeDecl, disabled external entities) and modified doIndex to use this safer parser. The test cases added with the fix validate XXE prevention, confirming that the original function was vulnerable.
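As an added example (not the plugin's own ParserHelper or ParserXML code, and assuming nothing about their method signatures), the following Java shows a DocumentBuilderFactory left at its permissive defaults beside one hardened with the protections the description names, and checks that the hardened parser rejects any DOCTYPE while still accepting a plain webhook-style payload. The feature URIs are the standard JAXP/Xerces ones; the class and method names are illustrative.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

/**
 * Added example: a DocumentBuilder configured the way the pre-patch code
 * effectively was (DTDs and external entities left enabled) beside one
 * hardened against XXE. Not the Rundeck plugin's own ParserHelper or
 * ParserXML classes; names here are illustrative.
 */
public class XxeParserExample {

    /** Mirrors a default factory: a DOCTYPE in the input is parsed and entities resolved. */
    static DocumentBuilder permissiveBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Nothing disabled: this is the configuration class of the vulnerable loadDocument().
        return dbf.newDocumentBuilder();
    }

    /** Hardened factory: rejects any DOCTYPE and never resolves external entities. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Strongest single control: any <!DOCTYPE ...> makes parsing fail outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a parser implementation ignores the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /** Parses a UTF-8 string and returns the root element name on success. */
    static String parseRootName(DocumentBuilder builder, String xml) throws Exception {
        Document doc = builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getDocumentElement().getTagName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain webhook-style payload and one carrying a DOCTYPE.
        // The DOCTYPE declares only a harmless internal entity; the point is that the
        // hardened parser refuses DOCTYPE processing regardless of what it declares.
        String plain = "<notification><executionId>42</executionId></notification>";
        String withDoctype = "<!DOCTYPE notification [<!ENTITY note \"internal\">]>"
                + "<notification>&note;</notification>";

        System.out.println("hardened, plain payload -> " + parseRootName(hardenedBuilder(), plain));
        try {
            parseRootName(hardenedBuilder(), withDoctype);
            System.out.println("hardened, DOCTYPE payload -> parsed (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened, DOCTYPE payload -> rejected: " + e.getMessage());
        }
        // The permissive builder accepts the same DOCTYPE and expands the entity; that
        // DTD processing is the gap the ParserXML patch closes.
        System.out.println("permissive, DOCTYPE payload -> "
                + parseRootName(permissiveBuilder(), withDoctype));
    }
}
```

Compile and run with `javac XxeParserExample.java && java XxeParserExample`. Because every XXE variant requires a DTD, disallow-doctype-decl alone closes the class of bug; the remaining features matter only for parser implementations that do not honour it, which is why a hardened class like the patch's ParserXML typically sets all of them together.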