| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:global-variable-string-parameter | maven | <= 1.2 | |

The vulnerability stems from unescaped rendering of parameter metadata in views. Jenkins plugins typically handle parameter display through getDisplayName() and getDescription() methods. The advisory specifically calls out improper escaping of these fields, which would be controlled by these core parameter definition methods.

The high confidence comes from:

1) The vulnerability pattern matches known XSS patterns in Jenkins plugins
2) The CWE-79 classification directly implicates output encoding failures
3) The advisory explicitly states the attack vector is through parameter name/description display
4) Similar vulnerabilities in other parameter plugins were fixed by escaping these exact fields
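
A first-pass review aid for the failure mode described above, added here as an example (not code from the plugin or the advisory): it flags Jelly view expressions that emit a parameter's name or description without escaping. The sample views, the function name `audit_view` and the field and helper lists are assumptions constructed for illustration; the plugin's own view files are not shown on this page.

```python
import re

# Jenkins Jelly views HTML-escape ${...} text output only when the file opts in
# with this processing instruction; <j:out> always writes its value as raw HTML.
ESCAPE_PI = re.compile(r"<\?jelly\s+escape-by-default\s*=\s*['\"]true['\"]\s*\?>")
EXPR = re.compile(r"\$\{([^}]*)\}")
J_OUT = re.compile(r"<j:out\b[^>]*\bvalue\s*=\s*(['\"])(.*?)\1", re.S)
# Parameter metadata named in the analysis (assumed property spellings).
FIELD = re.compile(r"\b(name|displayName|description)\b")
# Expressions already routed through an escaping or sanitising helper.
SAFE = re.compile(r"h\.escape\(|h\.htmlAttributeEscape\(|markupFormatter\.translate\(")

def audit_view(path, text):
    """Return (path, line, expression, reason) for each unescaped metadata output."""
    escaped_by_default = bool(ESCAPE_PI.search(text))
    raw_spans = [m.span(2) for m in J_OUT.finditer(text)]
    findings = []
    for m in EXPR.finditer(text):
        expr = m.group(1).strip()
        if not FIELD.search(expr) or SAFE.search(expr):
            continue
        if any(start <= m.start() < end for start, end in raw_spans):
            reason = "raw <j:out>"
        elif not escaped_by_default:
            reason = "no escape-by-default"
        else:
            continue  # escaped by the view's escape-by-default setting
        line = text.count("\n", 0, m.start()) + 1
        findings.append((path, line, expr, reason))
    return findings

# Constructed sample views, not taken from the plugin.
VULNERABLE_VIEW = """<j:jelly xmlns:j="jelly:core">
  <div class="name">${it.name}</div>
  <div class="desc"><j:out value="${it.description}"/></div>
</j:jelly>
"""
HARDENED_VIEW = """<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core">
  <div class="name">${it.name}</div>
  <div class="desc"><j:out value="${app.markupFormatter.translate(it.description)}"/></div>
</j:jelly>
"""

if __name__ == "__main__":
    for label, view in (("vulnerable", VULNERABLE_VIEW), ("hardened", HARDENED_VIEW)):
        print(label, audit_view("config.jelly", view))
```

The check is a text heuristic: it does not follow values passed into custom tags or attributes, so a clean result still needs a manual look at how each tag renders its arguments.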