-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper output encoding in the Log file field's form validation. Jenkins plugins typically implement form validation methods using 'doCheck[FieldName]' patterns. The advisory specifically mentions the log file path validation as the vulnerable component, and the fix in 3.0.1 adds escaping to this error message. The function name follows Jenkins plugin conventions, and the location matches standard Maven project structure for Jenkins plugins.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:sonargraph-integration | maven | <= 3.0.0 | 3.0.1 |
Ongoing coverage of React2Shell