-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| net.praqma:rqm-plugin | maven | <= 2.8 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from improper credential storage in the global configuration XML file. Jenkins plugin architecture requires Builder classes and their DescriptorImpl to handle configuration persistence. The functions responsible for serializing configuration data to disk (configure methods) would be the ones writing the plaintext password. While exact code isn't available, the file path pattern and Jenkins plugin conventions strongly indicate these are the entry points for configuration storage. The high confidence comes from: 1) The specific file path mentioned in advisories matches standard Maven/Java package structure 2) Jenkins plugin design patterns for configuration handling 3) Explicit mention of plaintext storage in XML configuration files, which requires serialization methods to be involved.
Ongoing coverage of React2Shell