-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from unescaped package names being displayed in a UI table. Jenkins plugins typically use Jelly templates for UI rendering. The function rendering the package name values in the table would be vulnerable if it directly outputs untrusted data without using Jenkins' escape() function or equivalent XSS protections. The fix in 4.2.1 specifically mentions escaping package names, confirming the vulnerability exists in the display logic of package names obtained from remote servers.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:rapiddeploy-jenkins | maven | < 4.2.1 | 4.2.1 |