Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1?arch=el7

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.1.1561471763-1

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-2r58-w5gn-x3bt

vulnerability_id

VCID-2r58-w5gn-x3bt

summary

Improper Restriction of XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin allows attackers, who are able to control the content of the input file for the "XML" macro, to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1636

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1636

reference_url

https://access.redhat.com/errata/RHSA-2019:1851

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1851

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10337.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10337

reference_id

reference_type

scores

value	0.00233
scoring_system	epss
scoring_elements	0.46136
published_at	2026-04-11T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46095
published_at	2026-04-24T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.4605
published_at	2026-04-01T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.4609
published_at	2026-04-02T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46111
published_at	2026-04-04T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46058
published_at	2026-04-07T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46114
published_at	2026-04-08T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46112
published_at	2026-04-09T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46108
published_at	2026-04-12T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46116
published_at	2026-04-21T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46171
published_at	2026-04-18T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46174
published_at	2026-04-16T12:55:00Z

value	0.00233
scoring_system	epss
scoring_elements	0.46117
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10337

reference_url

https://github.com/jenkinsci/token-macro-plugin

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/token-macro-plugin

reference_url

https://github.com/jenkinsci/token-macro-plugin/commit/004319f1b6e2a0f097a096b9df9dc19a5ac0d9b0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/token-macro-plugin/commit/004319f1b6e2a0f097a096b9df9dc19a5ac0d9b0

reference_url

https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1399

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1399

reference_url

http://www.openwall.com/lists/oss-security/2019/06/11/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/06/11/1

reference_url

http://www.securityfocus.com/bid/108747

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108747

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1719782
reference_id	1719782
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1719782

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10337

reference_id

CVE-2019-10337

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10337

reference_url

https://github.com/advisories/GHSA-g6h2-4x64-c59x

reference_id

GHSA-g6h2-4x64-c59x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g6h2-4x64-c59x

fixed_packages

aliases

CVE-2019-10337, GHSA-g6h2-4x64-c59x

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2r58-w5gn-x3bt

url

VCID-ftky-shfy-bufk

vulnerability_id

VCID-ftky-shfy-bufk

summary

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

references

reference_url

https://access.redhat.com/errata/RHBA-2019:1605

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2019:1605

reference_url

https://access.redhat.com/errata/RHSA-2019:1636

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1636

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10328

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.51121
published_at	2026-04-11T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51053
published_at	2026-04-24T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.50988
published_at	2026-04-01T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51042
published_at	2026-04-02T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51066
published_at	2026-04-04T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51024
published_at	2026-04-07T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51081
published_at	2026-04-08T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51077
published_at	2026-04-09T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51099
published_at	2026-04-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51105
published_at	2026-04-21T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51128
published_at	2026-04-18T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51122
published_at	2026-04-16T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51083
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10328

reference_url

https://github.com/jenkinsci/workflow-remote-loader-plugin

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-remote-loader-plugin

reference_url

https://github.com/jenkinsci/workflow-remote-loader-plugin/commit/6f9d60f614359720ec98e22b80ba15e8bf88e712

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-remote-loader-plugin/commit/6f9d60f614359720ec98e22b80ba15e8bf88e712

reference_url

https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10328

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10328

reference_url

http://www.openwall.com/lists/oss-security/2019/05/31/2

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/05/31/2

reference_url

http://www.securityfocus.com/bid/108540

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108540

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1716794
reference_id	1716794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1716794

reference_url

https://github.com/advisories/GHSA-v558-fhw2-v46w

reference_id

GHSA-v558-fhw2-v46w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v558-fhw2-v46w

fixed_packages

aliases

CVE-2019-10328, GHSA-v558-fhw2-v46w

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ftky-shfy-bufk

url

VCID-s5qz-aqj7-6uhz

vulnerability_id

VCID-s5qz-aqj7-6uhz

summary

File and Directory Information Exposure
Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

references

reference_url

https://access.redhat.com/errata/RHBA-2019:1605

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2019:1605

reference_url

https://access.redhat.com/errata/RHSA-2019:1636

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1636

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10320.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10320.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10320

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29495
published_at	2026-04-21T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29382
published_at	2026-04-24T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30308
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30267
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30312
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.3032
published_at	2026-04-01T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30351
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30398
published_at	2026-04-04T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30213
published_at	2026-04-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30273
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30217
published_at	2026-04-18T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30235
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30221
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10320

reference_url

http://seclists.org/fulldisclosure/2019/May/39

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/May/39

reference_url

https://github.com/jenkinsci/credentials-plugin/commit/40d0b5cc53c265b601ffaa4469310fad390a80fb

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/credentials-plugin/commit/40d0b5cc53c265b601ffaa4469310fad390a80fb

reference_url

https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322

reference_url

https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320

reference_url	https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/
reference_id
reference_type
scores
url	https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/

reference_url

http://www.openwall.com/lists/oss-security/2019/05/21/1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/05/21/1

reference_url

http://www.securityfocus.com/bid/108462

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108462

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1714054
reference_id	1714054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1714054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10320

reference_id

CVE-2019-10320

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10320

reference_url

https://github.com/advisories/GHSA-xm94-9jw8-p6hw

reference_id

GHSA-xm94-9jw8-p6hw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xm94-9jw8-p6hw

fixed_packages

aliases

CVE-2019-10320, GHSA-xm94-9jw8-p6hw

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-s5qz-aqj7-6uhz

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1%3Farch=el7

Package Instance