-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:valgrind | maven | <= 0.28 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unescaped Valgrind XML report content being rendered in Jenkins. The core issue would exist in functions responsible for parsing/processing XML reports and rendering their content. ValgrindPublisher#processReport is a logical entry point for report processing, and ValgrindResult#getReportDetails would handle data extraction for display. While no direct code is provided, Jenkins plugin conventions and the nature of stored XSS in report rendering strongly suggest these components. Confidence is high for ValgrindPublisher#processReport due to its role in report ingestion, and medium for ValgrindResult#getReportDetails due to typical data flow patterns.
Ongoing coverage of React2Shell