The commit diff shows removal of the System.setProperty() call that modified the CSP header in NeuVectorBuilder.java. This line explicitly weakened the security policy for static content handling. The vulnerability description confirms that this action made Jenkins vulnerable to XSS when the build step executed. The function's direct manipulation of security-critical CSP headers and its removal in the patch establish high confidence.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.plugins:neuvector-vulnerability-scanner | maven | <= 1.20 | 1.22 |