| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:jira-steps | maven | <= 2.0.165.v8846cf59f3db | |

The vulnerability stems from unencrypted storage of private keys in `JiraStepsConfig.xml`. Jenkins plugins typically use Java classes with DataBound setters/getters and XStream serialization for configuration. The functions responsible for setting the private key value (`setPrivateKey()`) and persisting the configuration (`save()`) would directly handle the plaintext storage. The advisory's explicit reference to `JiraStepsConfig.xml` and the lack of an encryption mechanism confirm that these functions are involved in the insecure storage.
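
As an added example (not code from the plugin or the advisory), this Python audit flags sensitive-looking elements in a Jenkins XML configuration file whose values are not in the `{base64}` form Jenkins writes for `hudson.util.Secret` fields. The sample document and its element names are constructed; `privateKey` is assumed from `setPrivateKey()`.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Jenkins serializes hudson.util.Secret values as "{<base64>}"; any other
# value in a sensitive field is treated here as stored in the clear.
SECRET_FORM = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")
# Assumed field-name hints; "privateKey" is inferred from setPrivateKey().
SENSITIVE = re.compile(r"privatekey|password|secret|token", re.I)

# Constructed sample: element names and values are illustrative only.
ENC = base64.b64encode(bytes(range(32))).decode()
SAMPLE = f"""<config>
  <sites>
    <site><name>legacy</name>
      <privateKey>-----BEGIN PRIVATE KEY----- (constructed placeholder)</privateKey>
    </site>
    <site><name>fixed</name>
      <privateKey>{{{ENC}}}</privateKey>
    </site>
  </sites>
</config>"""


def looks_encrypted(value: str) -> bool:
    """Heuristic: braces around valid base64 that decodes to >= 16 bytes."""
    m = SECRET_FORM.match(value.strip())
    if not m:
        return False
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # bad alphabet or padding
        return False
    return len(raw) >= 16  # shape check only; it does not prove decryptability


def find_plaintext_secrets(xml_text: str) -> list[str]:
    """Return element paths whose sensitive-looking leaf value is not encrypted."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        if text and len(elem) == 0 and SENSITIVE.search(elem.tag):
            if not looks_encrypted(text):
                findings.append(here)
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings
```

A flagged path means the key should be rotated as well as re-saved under a patched version, since any copy or backup of the file may already hold it in plaintext.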