The vulnerability stems from unescaped user-controlled data being written into the DOM by inline JavaScript in one of the plugin's Jelly templates. The commit diff shows two critical changes: (1) HTML escaping was added to `copy.firstChild.innerHTML = name`, which previously let a user name containing markup be parsed as HTML, so arbitrary tags and event handlers could be injected via the name alone. (2) Escaping was added to `tooltip` attribute values derived from DOM `data-*` attributes, which could likewise carry malicious content into the rendered page. Because these inline code blocks build the UI directly from stored names without sanitizing them, they are the root cause of the stored XSS. Note that the tooltip case is an attribute context, so the escaping there must also cover quote characters, not only `<`, `>` and `&`.
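The following is an added example, not code from the matrix-auth plugin or its commit. It contrasts the pre-fix rendering pattern (an unescaped name written as HTML, and an unescaped value placed in a tooltip attribute) with an escaped version, using string rendering so it runs without a browser DOM. The helper names (`escapeHtml`, `renderNameCell*`, `renderTooltip*`, `hasInjectedTag`) and the sample payloads are this example's own assumptions.

```javascript
// Added example (not the plugin's own code): the escaping pattern the fix applies.
// Helper names and payloads are constructed for this illustration.

// Escape the five characters that matter in both element-content and
// attribute-value contexts. Covering quotes lets the same helper serve the
// innerHTML sink and the quoted tooltip attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Pre-fix pattern: the template did the equivalent of
//   copy.firstChild.innerHTML = name;
// so whatever the stored name contains is parsed as HTML.
function renderNameCellVulnerable(name) {
  return '<td class="start">' + name + '</td>';
}

// Post-fix pattern: the name reaches the page as text, never as markup.
function renderNameCellFixed(name) {
  return '<td class="start">' + escapeHtml(name) + '</td>';
}

// Pre-fix tooltip pattern: a value read from a data-* attribute is copied into
// a tooltip attribute. The advisory treats that value as an HTML sink, so a
// quote in the value breaks out of the attribute and the rest is markup.
function renderTooltipVulnerable(text) {
  return '<span tooltip="' + text + '">?</span>';
}

function renderTooltipFixed(text) {
  return '<span tooltip="' + escapeHtml(text) + '">?</span>';
}

// Crude stand-in for the browser's parser: does the markup contain any tag
// other than the ones the template itself emitted?
function hasInjectedTag(markup, allowedTags) {
  const tags = [...markup.matchAll(/<\/?([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowedTags.includes(t));
}

// Constructed sample inputs (not taken from the advisory or the commit).
const NAME_PAYLOAD = '<img src=x onerror=alert(document.domain)>';
const TOOLTIP_PAYLOAD = '"><img src=x onerror=alert(1)>';

// Run both sinks with and without escaping and report which ones inject a tag.
function demo() {
  return {
    vulnName: hasInjectedTag(renderNameCellVulnerable(NAME_PAYLOAD), ['td']),
    fixedName: hasInjectedTag(renderNameCellFixed(NAME_PAYLOAD), ['td']),
    vulnTooltip: hasInjectedTag(renderTooltipVulnerable(TOOLTIP_PAYLOAD), ['span']),
    fixedTooltip: hasInjectedTag(renderTooltipFixed(TOOLTIP_PAYLOAD), ['span']),
  };
}

console.log(demo());
```

The point to take from the tooltip case is that escaping only `<`, `>` and `&` would still leave the attribute sink exploitable: the payload above needs only a `"` to close the attribute. When reviewing a fix like this one, check that the helper used for attribute values handles quotes, and that every place the template assigns `innerHTML` from stored data either escapes or switches to a text assignment such as `textContent`.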
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:matrix-auth | maven | <= 2.6.1 | 2.6.2 |