-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe core vulnerability stems from unescaped display of user-controlled view names. Jenkins Jelly templates typically use ${} expressions, and the advisory specifically calls out missing escaping. The high-confidence entry points to the main view rendering template where names are displayed. The medium-confidence entry addresses the configuration persistence layer, though the exact storage mechanism isn't explicitly documented in available sources. The pattern matches Jenkins' typical XSS vulnerabilities where user input flows through configuration forms to display templates without proper escaping.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:build-monitor-plugin | maven | <= 1.14-860.vd06ef2568b |
Ongoing coverage of React2Shell