The vulnerability stems from form validation endpoints that do not escape values received from the useMango service. Jenkins plugins typically implement form validation via doCheck() methods in Descriptor classes. These methods would receive data from the useMango service and return validation messages containing that data. The lack of escaping in these responses (fixed in v1.5 by adding escaping) directly matches the XSS vulnerability pattern described. While the advisories do not give exact method names or paths, the structural pattern of form validation handlers in Jenkins plugins and the explicit description of the vulnerability mechanism justify high confidence.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| it.infuse.jenkins:usemango-runner | maven | < 1.5 | 1.5 |
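
The form-validation pattern described above, as an added example that is not the plugin's own code: one way a handler can return unescaped service data, beside two escaped forms. The class name, the method names, the lookupProjectName helper and its sample value are hypothetical, and the fragment assumes jenkins-core on the classpath.

```java
import hudson.Util;
import hudson.util.FormValidation;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical descriptor fragment (illustrative names, not from the plugin).
public class ExampleDescriptorChecks {

    // Stand-in for a call to the remote service. Whatever it returns is
    // outside Jenkins' control and must be treated as untrusted text.
    static String lookupProjectName(String projectId) {
        return "Demo <b>project</b> " + projectId; // constructed sample value
    }

    // Vulnerable shape: service data is concatenated into a *WithMarkup
    // message, which Jenkins sends to the browser as HTML without escaping.
    public FormValidation doCheckProjectIdUnsafe(@QueryParameter String value) {
        String name = lookupProjectName(value);
        return FormValidation.errorWithMarkup("Cannot run project: " + name);
    }

    // Hardened, option 1: the plain-text factory escapes the whole message,
    // so markup in the service data is displayed literally.
    public FormValidation doCheckProjectId(@QueryParameter String value) {
        String name = lookupProjectName(value);
        return FormValidation.error("Cannot run project: " + name);
    }

    // Hardened, option 2: when the message itself needs markup, escape each
    // untrusted value individually before it is placed in the HTML.
    public FormValidation doCheckProjectIdStyled(@QueryParameter String value) {
        String name = lookupProjectName(value);
        return FormValidation.errorWithMarkup(
                "Cannot run project: <strong>" + Util.escape(name) + "</strong>");
    }
}
```

When reviewing a plugin for this class of issue, search the Descriptor classes for okWithMarkup, warningWithMarkup and errorWithMarkup calls and confirm that every non-constant value passed to them goes through Util.escape first.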