Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from an unescaped display name in the build-cause UI. The commit diff shows the removal of <j:out> tags in description.jelly, the tags responsible for safe HTML escaping in Jenkins Jelly templates. In vulnerable versions (<= 3.9.2) the display name was rendered through ${...} interpolation without escaping; the fix in 3.9.3 introduced proper escaping by relying on Jelly's implicit escaping or safer context handling. The file path and template logic match the vulnerability's description of XSS in build-cause rendering.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:pipeline-maven | maven | <= 3.9.2 | 3.9.3 |