| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:aws-codecommit-trigger | maven | <= 3.0.12 | |

The vulnerability stems from unescaped handling of the queue name parameter in form validation. Jenkins plugins typically implement form validation through `doCheck*` methods in Descriptor classes. The advisory specifically mentions that the queue name parameter passed to a form validation URL is not escaped when error messages are rendered. While exact method names aren't disclosed, the pattern matches Jenkins' form validation conventions. The high confidence comes from:

1. Direct correlation between the described vulnerability pattern and Jenkins' form validation mechanics.
2. Explicit mention of the queue name parameter in the error message context.
3. Security hardening in Jenkins core (2.275+), which confirms this is a form validation response issue.
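
The pattern described above, shown as an added example that is not the plugin's code: a plain-JDK model of a form validation check that echoes the queue name into its error markup, next to the escaped form. The method names `doCheckQueueUnsafe` and `doCheckQueueSafe`, the queue list and the probe value are hypothetical and constructed for illustration.

```java
import java.util.List;

// Stand-alone model of a Jenkins-style form validation endpoint (plain JDK, no Jenkins classes).
// doCheckQueueUnsafe/doCheckQueueSafe and the queue list are hypothetical names for illustration.
public class FormValidationEscapeDemo {

    // Constructed sample data: queues the validator treats as existing.
    static final List<String> KNOWN_QUEUES = List.of("build-events", "deploy-events");

    // HTML-escape the characters that can change markup context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // The validation response is an HTML fragment the browser inserts next to the form field.
    static String renderError(String markup) {
        return "<div class=\"error\">" + markup + "</div>";
    }

    // Vulnerable pattern: the request parameter is copied into the error markup unchanged.
    static String doCheckQueueUnsafe(String queue) {
        if (KNOWN_QUEUES.contains(queue)) return "<div class=\"ok\"></div>";
        return renderError("Queue '" + queue + "' was not found");
    }

    // Hardened pattern: the parameter is escaped before it reaches the markup.
    static String doCheckQueueSafe(String queue) {
        if (KNOWN_QUEUES.contains(queue)) return "<div class=\"ok\"></div>";
        return renderError("Queue '" + escapeHtml(queue) + "' was not found");
    }

    public static void main(String[] args) {
        String probe = "<b>probe</b>"; // constructed, harmless markup used as a test value
        System.out.println("unsafe: " + doCheckQueueUnsafe(probe));
        System.out.println("safe:   " + doCheckQueueSafe(probe));
        // A regression check a plugin test could make: the raw tag must not survive.
        if (doCheckQueueSafe(probe).contains("<b>")) throw new AssertionError("unescaped output");
    }
}
```

In Jenkins itself, `FormValidation.error(String)` escapes its message, while `FormValidation.errorWithMarkup(String)` emits it as markup, so only trusted, pre-escaped text belongs in the latter.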