The vulnerability involves unencrypted storage of API keys in job config.xml files. The patch primarily focuses on replacing plain text password storage with Jenkins' Secret object. I identified all functions that previously handled passwords as plain text strings and were modified to use Secret objects instead. These functions would appear in runtime profiling when API keys are being processed or stored. The changes are evident in multiple files where password handling was modified, particularly in constructors and getter methods. The confidence is high because the patch explicitly shows the transition from plain text to encrypted storage for all password-related fields.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:vmanager-plugin | maven | < 4.0.1 | 4.0.1 |
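
An audit check for the plain text storage described above, as an added example that is not part of the original advisory or the plugin's code: it walks a job `config.xml` and reports credential-like fields whose value is not in the `{base64}` form Jenkins uses when it serializes a `Secret`. The element names in the sample and the name heuristic are assumptions, not the plugin's real field list.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins writes hudson.util.Secret values to XML as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumed heuristic for credential-like element names (not the plugin's field list).
SENSITIVE = re.compile(r"password|passwd|api_?key|token|secret", re.IGNORECASE)

# Constructed sample job config; the builder and field names are hypothetical.
SAMPLE = """
<project>
  <builders>
    <hypothetical.ExampleBuilder>
      <serverUser>ci-bot</serverUser>
      <serverPassword>hunter2-constructed</serverPassword>
      <apiKey>{AQAAABAAAAAQconstructedBase64Value0=}</apiKey>
    </hypothetical.ExampleBuilder>
  </builders>
</project>
""".strip()


def find_plaintext_secrets(config_xml):
    """Return the paths of credential-like leaf elements stored in plain text."""
    findings = []

    def walk(node, parent_path):
        path = f"{parent_path}/{node.tag}"
        text = (node.text or "").strip()
        is_leaf = len(node) == 0
        # Flag non-empty, sensitive-looking leaves that are not Secret-encoded.
        if is_leaf and text and SENSITIVE.search(node.tag) and not ENCRYPTED.match(text):
            findings.append(path)
        for child in node:
            walk(child, path)

    walk(ET.fromstring(config_xml), "")
    return findings


if __name__ == "__main__":
    for path in find_plaintext_secrets(SAMPLE):
        print("plain text credential field:", path)
```

A reported field needs manual review, since the match is on element names only and can produce false positives.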