-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from verbose logging being enabled by default (via enableVerboseLogging=true) in MQNotifierConfig. The functions RunListenerImpl.logMessage and MQMessageStep.run used this flag to log JSON messages containing build parameters. The patch introduced enableVerboseLoggingBoolean (defaulting to null/false) and migrated checks to this field, explicitly disabling verbose logging by default. The original functions using enableVerboseLogging were the entry points for insecure logging.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.sonymobile.jenkins.plugins.mq:mq-notifier | maven | < 1.4.1 | 1.4.1 |
JavaJavaOngoing coverage of React2Shell