CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:recipe | maven | <= 1.2 | |
The vulnerability stems from two issues:

1. The plugin's XML parser is not configured against XXE: the HTTP endpoints that fetch and parse external XML data do not disable DTDs or external entities.
2. The job configuration export exposes raw XML with secrets left unredacted.

Both cases process XML without secure settings such as FEATURE_SECURE_PROCESSING or an explicit refusal of doctype declarations. Because the advisory states these flaws explicitly (a parser configuration missing XXE protections, unredacted secrets in exported XML), they can be identified with high confidence even though no concrete function names or file paths are given.
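As an added example, not code from the advisory or from the Recipe plugin itself, the Java below shows the parser configuration the advisory says is missing next to the default (unprotected) configuration, and a redaction pass that a configuration-export endpoint could run before returning XML. The class and method names, the credential-looking element-name pattern, and the sample XML documents are assumptions constructed for this illustration; the JAXP feature URIs are the standard Xerces/JDK ones.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XmlHardeningExample {

    /** Factory as it comes out of the box: DTDs and external entities are honoured.
     *  This is the configuration gap the advisory describes, shown only for contrast. */
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** Factory with the protections the advisory names: secure processing on,
     *  doctype declarations refused, external entities and external DTD loading off. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Parse a string with the given factory, refusing any external resource the parser asks for. */
    static Document parse(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder b = f.newDocumentBuilder();
        // Second line of defence: even if a feature is unsupported, no external entity is fetched.
        b.setEntityResolver((publicId, systemId) -> {
            throw new SAXException("external entity resolution blocked: " + systemId);
        });
        return b.parse(new InputSource(new StringReader(xml)));
    }

    /** Mask the text of elements whose name looks like a credential before exporting.
     *  The name pattern is an assumption for this example, not the plugin's real schema. */
    static void redactSecrets(Document doc) {
        NodeList all = doc.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (e.getTagName().matches("(?i).*(password|secret|token|apikey).*")) {
                e.setTextContent("[REDACTED]");
            }
        }
    }

    /** Serialise a DOM back to text, as an export endpoint would return it. */
    static String serialise(Document doc) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a document that merely carries a DOCTYPE, and a fake job config.
        String withDoctype = "<!DOCTYPE recipe><recipe><name>build</name></recipe>";
        String jobConfig = "<project><name>build</name><apiToken>example-value</apiToken></project>";

        // The default factory accepts a DOCTYPE, which is what a parser must refuse to be XXE-safe.
        parse(defaultFactory(), withDoctype);
        System.out.println("default factory: DOCTYPE accepted");

        // The hardened factory refuses the declaration before any entity can be defined.
        try {
            parse(hardenedFactory(), withDoctype);
            System.out.println("hardened factory: unexpectedly accepted DOCTYPE");
        } catch (SAXException ex) {
            System.out.println("hardened factory: rejected DOCTYPE (" + ex.getMessage() + ")");
        }

        // Export path: redact credential-looking elements before handing the XML out.
        Document cfg = parse(hardenedFactory(), jobConfig);
        redactSecrets(cfg);
        System.out.println(serialise(cfg));
    }
}
```

The hardened factory is the one to use for every endpoint that parses externally supplied XML; the entity resolver is kept as a fallback because not every JAXP implementation honours every feature URI. For the export side, a real fix would redact based on the plugin's actual credential fields rather than an element-name heuristic.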