| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:app-detector | maven | < 1.0.9 | 1.0.9 |

The vulnerability stems from unescaped parameter names in views. Jenkins plugins typically render their UI with Jelly templates. The advisory specifically mentions improper escaping of Chois Application Version parameter names, which would manifest in the corresponding view template. The pattern matches known Jenkins XSS vulnerabilities in which `${parameter.name}` or similar expressions are emitted without escaping. The fix in 1.0.9 would logically involve adding escaping in that template file.
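
The following is an added example, not the plugin's code or its actual patch: a heuristic Python audit that flags `${...}` expressions a Jelly view would render without escaping. The two templates and the `it.name` / `it.description` property names are constructed for illustration; the `escape-by-default` processing instruction, `j:out`, and the `h.*` escape helpers are standard Jenkins Jelly features.

```python
import re

# Processing instruction that turns on automatic escaping for a Jelly view.
PI_RE = re.compile(r"<\?jelly\b[^?]*\bescape-by-default\s*=\s*['\"]true['\"][^?]*\?>")
EXPR_RE = re.compile(r"\$\{([^}]*)\}")
# Explicit escaping helpers exposed to Jelly as `h` (hudson.Functions).
EXPLICIT_RE = re.compile(r"^\s*h\.(escape|xmlEscape|htmlAttributeEscape)\(")

# Constructed templates, not taken from the app-detector plugin.
VULNERABLE = """<j:jelly xmlns:j="jelly:core">
  <td>${it.name}</td>
  <j:out value="${it.description}"/>
</j:jelly>
"""
HARDENED = """<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core">
  <td>${it.name}</td>
  <td title="${h.htmlAttributeEscape(it.name)}">${it.description}</td>
</j:jelly>
"""

def audit(src):
    """Return (line, expression, reason) for expressions likely rendered raw.

    Heuristic and line-based: it does not parse XML or follow includes.
    """
    auto_escaped = bool(PI_RE.search(src))
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        raw_out = "<j:out" in line  # j:out bypasses escape-by-default
        for m in EXPR_RE.finditer(line):
            expr = m.group(1)
            if EXPLICIT_RE.match(expr):
                continue
            if raw_out:
                findings.append((lineno, expr, "j:out writes the value unescaped"))
            elif not auto_escaped:
                findings.append((lineno, expr, "no escape-by-default, no explicit escape"))
    return findings

if __name__ == "__main__":
    for name, src in (("VULNERABLE", VULNERABLE), ("HARDENED", HARDENED)):
        for finding in audit(src):
            print(name, *finding)
```

Running `audit` over a plugin's `src/main/resources/**/*.jelly` files gives a review shortlist; every hit still needs a manual check of where the value ends up in the rendered HTML.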