The advisory explicitly identifies the root cause as the unescaped `caption` parameter in the constructor of `ExpandableDetailsNote`. While no actual patch code is shown, the consistent description across multiple sources indicates the constructor was modified to add HTML escaping. In Java profiling, constructor methods appear as `<init>`, making `hudson.model.ExpandableDetailsNote.<init>(String)` the exact vulnerable function signature that would appear when malicious caption values are processed.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 2.50, < 2.414.2 | 2.414.2 |
| org.jenkins-ci.main:jenkins-core | maven | >= 2.415, < 2.424 | 2.424 |