| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| jenkins:repository | maven | <= 1.10 | |
The vulnerability description states that versions read from `pom.xml` are not escaped on the Build Artifacts As Maven Repository page, so a `<version>` value containing HTML is rendered as markup. That is a stored cross-site scripting (XSS) bug: whoever can get a POM into an archived build (anyone who can configure the job or influence its build output) can run script in the browser of anyone who views the repository listing. The advisory text does not include the affected template, so the following is inference from how Jenkins plugins render their UI, not a confirmed location:

- Plugin pages are Jelly (`*.jelly`) or Groovy (`*.groovy`) view templates; values are bound into the view at render time rather than assembled as HTML in Java code.
- In Jelly, `${...}` expressions in text are HTML-escaped only when the view starts with `<?jelly escape-by-default='true'?>`; output via `<j:out value="${...}"/>` is emitted raw. In Groovy views, `raw(...)` bypasses escaping while `text(...)` escapes. A view without escape-by-default, or a raw output of untrusted data, is the usual cause of XSS in Jenkins plugins.
- `version` is standard Maven metadata that a repository listing shows for every artifact, and its value comes straight from the build's POM, so it is attacker-influenced whenever the job or its artifacts are.

The table gives no first patched version. Treat installations of the plugin at 1.10 or earlier as affected, check the installed version under Manage Jenkins > Plugins, and consult the corresponding Jenkins security advisory for the release that fixes it. Note also that Maven version strings are free-form text, so input validation on the POM side is not a substitute for escaping at the point of output.
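To make the failure concrete, here is an added illustration (not the plugin's own code, which is Jelly/Groovy, not Python): a constructed `pom.xml` whose `<version>` carries an HTML payload, a minimal POM reader that also handles the version-inherited-from-`<parent>` case, and the same listing row rendered once without escaping (the raw-output pattern described above) and once with it. The POM contents, the table markup and the helper names are all assumptions made for this example.

```python
"""Added example: unescaped vs. escaped rendering of a Maven version string
taken from a POM. Nothing here is taken from the Jenkins plugin itself."""
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed POM. The payload is XML-entity-encoded (&lt; / &gt;) so that
# the XML parser accepts the file and decodes the text to literal "<img ...>",
# which is exactly what an attacker would do to get past Maven's POM parsing.
POM_XML = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0&lt;img src=x onerror=alert(document.domain)&gt;</version>
</project>
"""

# Constructed child POM that omits its own version and inherits the parent's;
# a listing that only looks at the top-level <version> would miss this value.
CHILD_POM_XML = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>com.example</groupId>
    <artifactId>parent</artifactId>
    <version>2.0-SNAPSHOT</version>
  </parent>
  <artifactId>child</artifactId>
</project>
"""


def pom_coordinates(pom_text: str) -> dict:
    """Return groupId/artifactId/version, falling back to <parent> for any
    coordinate the child POM leaves out (Maven's own inheritance rule)."""
    root = ET.fromstring(pom_text)

    def get(tag: str) -> str:
        value = root.findtext(f"m:{tag}", namespaces=NS)
        if value is None:
            value = root.findtext(f"m:parent/m:{tag}", namespaces=NS)
        return (value or "").strip()

    return {k: get(k) for k in ("groupId", "artifactId", "version")}


def render_vulnerable(coords: dict) -> str:
    """Interpolates raw values: the HTML equivalent of a Jelly view without
    escape-by-default, or of <j:out>/Groovy raw() on untrusted data."""
    return "<tr>" + "".join(f"<td>{coords[k]}</td>" for k in ("groupId", "artifactId", "version")) + "</tr>"


def render_fixed(coords: dict) -> str:
    """Escapes every value at the point of output (quote=True also escapes
    the quote characters, which matters inside attributes)."""
    return "<tr>" + "".join(
        f"<td>{html.escape(coords[k], quote=True)}</td>" for k in ("groupId", "artifactId", "version")
    ) + "</tr>"


class _TagCollector(HTMLParser):
    """Collects start tags so we can tell whether injected text became markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def element_tags(fragment: str) -> list:
    """Tags the browser would see in a rendered fragment. An <img> here that
    did not come from the template means the version string was injected."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    coords = pom_coordinates(POM_XML)
    print("vulnerable:", render_vulnerable(coords), element_tags(render_vulnerable(coords)))
    print("fixed:     ", render_fixed(coords), element_tags(render_fixed(coords)))
    print("inherited: ", pom_coordinates(CHILD_POM_XML))
```

The same `element_tags` check works as a quick test against a live listing page: fetch the repository page for a build whose POM carries a harmless marker tag, and compare the tags in the returned HTML against the template's own; any extra element means the value was emitted unescaped.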