-
CVSS Score
-
Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
The vulnerability stems from missing escaping of user-controlled classpath entries rendered in the Jenkins UI. The commit diff shows that the fix replaced unsafe string concatenation (`"<code>..." + e.path + "...</code>"`, a string later inserted as HTML) with assignment to the DOM element's textContent, which treats the value as text rather than parsing it as markup. The test case added in ScriptApprovalTest.java explicitly checks for XSS in both pending and approved classpath entries, confirming that the rendering logic in index.jelly was the vulnerable component.
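As an added example that is not the plugin's own code, the snippet below contrasts the two rendering strategies the paragraph describes: splicing the path into an HTML string (parsed as markup once handed to innerHTML) versus assigning it as textContent. The entry paths, the `serializeText` helper that models how a browser serializes a text node, and the `unexpectedTags` check are constructed for this illustration.

```javascript
// Models the markup a browser serializes for a text node set via textContent:
// the value is stored as text, so reserved characters come back escaped.
function serializeText(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/\u00a0/g, "&nbsp;");
}

// Vulnerable pattern: the entry path is spliced into an HTML string that is
// later assigned to innerHTML, so any markup in the path is parsed as markup.
function renderEntryUnsafe(e) {
  return "<code>" + e.path + "</code>";
}

// Hardened pattern: what the browser ends up with after building a <code>
// element and doing `code.textContent = e.path` (no HTML parsing of the path).
function renderEntrySafe(e) {
  return "<code>" + serializeText(e.path) + "</code>";
}

// The same hardened pattern against a real DOM (browser only).
function appendEntrySafe(container, e) {
  const code = document.createElement("code");
  code.textContent = e.path; // assigned as text, never parsed as HTML
  container.appendChild(code);
  return code;
}

// Check used for the assertions: list every tag in the rendered output other
// than the single <code> wrapper the template intends to emit.
function unexpectedTags(html) {
  const tags = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)) {
    if (m[1].toLowerCase() !== "code") tags.push(m[1].toLowerCase());
  }
  return tags;
}

// Constructed sample entries; the second carries markup inside the path.
const constructedEntries = [
  { path: "/var/lib/jenkins/libs/commons-io.jar" },
  { path: "lib/<b>not-text</b>.jar" },
];
```

For an ordinary path both renderers produce identical markup; the difference only shows when the path contains markup characters.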
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:script-security | maven | <= 1.72 | 1.73 |