Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.82-1.git.1673.133961e?arch=el7
Typerpm
Namespaceredhat
Nameatomic-enterprise-service-catalog
Version1:3.11.82-1.git.1673.133961e
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1s7q-drqn-4bhd
vulnerability_id VCID-1s7q-drqn-4bhd
summary 
Withdrawn Advisory: Prometheus XSS Vulnerability
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references.

## Original Description
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json
2
reference_url https://advisory.checkmarx.net/advisory/CX-2019-4297
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://advisory.checkmarx.net/advisory/CX-2019-4297
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3826
reference_id
reference_type
scores
0
value 0.01462
scoring_system epss
scoring_elements 0.80827
published_at 2026-04-07T12:55:00Z
1
value 0.01462
scoring_system epss
scoring_elements 0.80899
published_at 2026-04-21T12:55:00Z
2
value 0.01462
scoring_system epss
scoring_elements 0.80897
published_at 2026-04-18T12:55:00Z
3
value 0.01462
scoring_system epss
scoring_elements 0.80895
published_at 2026-04-16T12:55:00Z
4
value 0.01462
scoring_system epss
scoring_elements 0.80858
published_at 2026-04-13T12:55:00Z
5
value 0.01462
scoring_system epss
scoring_elements 0.80866
published_at 2026-04-12T12:55:00Z
6
value 0.01462
scoring_system epss
scoring_elements 0.8088
published_at 2026-04-11T12:55:00Z
7
value 0.01462
scoring_system epss
scoring_elements 0.80801
published_at 2026-04-01T12:55:00Z
8
value 0.01462
scoring_system epss
scoring_elements 0.80864
published_at 2026-04-09T12:55:00Z
9
value 0.01462
scoring_system epss
scoring_elements 0.80855
published_at 2026-04-08T12:55:00Z
10
value 0.01462
scoring_system epss
scoring_elements 0.80811
published_at 2026-04-02T12:55:00Z
11
value 0.01462
scoring_system epss
scoring_elements 0.80831
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3826
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
6
reference_url https://github.com/aquasecurity/trivy/issues/2992
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aquasecurity/trivy/issues/2992
7
reference_url https://github.com/prometheus/prometheus/commit/62e591f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/commit/62e591f9
8
reference_url https://github.com/prometheus/prometheus/pull/5163
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/pull/5163
9
reference_url https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280
10
reference_url https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608
11
reference_url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3826
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3826
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1672865
reference_id 1672865
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1672865
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615
reference_id 921615
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
fixed_packages
aliases CVE-2019-3826, GHSA-3m87-5598-2v4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1s7q-drqn-4bhd
1
url VCID-2hfm-g99a-67de
vulnerability_id VCID-2hfm-g99a-67de
summary A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000865
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.69917
published_at 2026-04-21T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.69876
published_at 2026-04-08T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.69891
published_at 2026-04-09T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.69914
published_at 2026-04-11T12:55:00Z
4
value 0.00615
scoring_system epss
scoring_elements 0.69899
published_at 2026-04-12T12:55:00Z
5
value 0.00615
scoring_system epss
scoring_elements 0.69885
published_at 2026-04-13T12:55:00Z
6
value 0.00615
scoring_system epss
scoring_elements 0.69926
published_at 2026-04-16T12:55:00Z
7
value 0.00615
scoring_system epss
scoring_elements 0.69935
published_at 2026-04-18T12:55:00Z
8
value 0.00615
scoring_system epss
scoring_elements 0.69823
published_at 2026-04-01T12:55:00Z
9
value 0.00615
scoring_system epss
scoring_elements 0.69835
published_at 2026-04-02T12:55:00Z
10
value 0.00615
scoring_system epss
scoring_elements 0.6985
published_at 2026-04-04T12:55:00Z
11
value 0.00615
scoring_system epss
scoring_elements 0.69827
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000865
4
reference_url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
reference_id
reference_type
scores
url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
5
reference_url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
6
reference_url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
reference_id 1647059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000865
reference_id CVE-2018-1000865
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000865
9
reference_url https://github.com/advisories/GHSA-p4p5-3v2j-w5rv
reference_id GHSA-p4p5-3v2j-w5rv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4p5-3v2j-w5rv
fixed_packages
aliases CVE-2018-1000865, GHSA-p4p5-3v2j-w5rv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hfm-g99a-67de
2
url VCID-2qhb-fu9x-k7bd
vulnerability_id VCID-2qhb-fu9x-k7bd
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003001.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003001.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003001
reference_id
reference_type
scores
0
value 0.93935
scoring_system epss
scoring_elements 0.99882
published_at 2026-04-21T12:55:00Z
1
value 0.93935
scoring_system epss
scoring_elements 0.99878
published_at 2026-04-01T12:55:00Z
2
value 0.93935
scoring_system epss
scoring_elements 0.99879
published_at 2026-04-02T12:55:00Z
3
value 0.93935
scoring_system epss
scoring_elements 0.9988
published_at 2026-04-11T12:55:00Z
4
value 0.93935
scoring_system epss
scoring_elements 0.99881
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003001
5
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642
6
reference_url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
7
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742
8
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
9
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
10
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
11
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1669505
reference_id 1669505
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1669505
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003001
reference_id CVE-2019-1003001
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003001
16
reference_url https://github.com/advisories/GHSA-6q78-6xvr-26fg
reference_id GHSA-6q78-6xvr-26fg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q78-6xvr-26fg
fixed_packages
aliases CVE-2019-1003001, GHSA-6q78-6xvr-26fg
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qhb-fu9x-k7bd
3
url VCID-31wf-mpnt-dycm
vulnerability_id VCID-31wf-mpnt-dycm
summary haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20102
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09068
published_at 2026-04-01T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09141
published_at 2026-04-21T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09005
published_at 2026-04-16T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.08985
published_at 2026-04-18T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09074
published_at 2026-04-02T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09126
published_at 2026-04-08T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09046
published_at 2026-04-07T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09156
published_at 2026-04-09T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09157
published_at 2026-04-11T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.09124
published_at 2026-04-12T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.0911
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20102
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1658874
reference_id 1658874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1658874
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308
reference_id 916308
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308
6
reference_url https://security.archlinux.org/ASA-201901-15
reference_id ASA-201901-15
reference_type
scores
url https://security.archlinux.org/ASA-201901-15
7
reference_url https://security.archlinux.org/AVG-836
reference_id AVG-836
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-836
8
reference_url https://access.redhat.com/errata/RHSA-2019:0547
reference_id RHSA-2019:0547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0547
9
reference_url https://access.redhat.com/errata/RHSA-2019:1436
reference_id RHSA-2019:1436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1436
10
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20102
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31wf-mpnt-dycm
4
url VCID-48er-rqvk-nyhg
vulnerability_id VCID-48er-rqvk-nyhg
summary haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20103
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27737
published_at 2026-04-01T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27562
published_at 2026-04-21T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27626
published_at 2026-04-16T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.276
published_at 2026-04-18T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27774
published_at 2026-04-02T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27813
published_at 2026-04-04T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27605
published_at 2026-04-07T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27671
published_at 2026-04-08T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27715
published_at 2026-04-09T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27719
published_at 2026-04-11T12:55:00Z
10
value 0.001
scoring_system epss
scoring_elements 0.27676
published_at 2026-04-12T12:55:00Z
11
value 0.001
scoring_system epss
scoring_elements 0.27617
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20103
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1658876
reference_id 1658876
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1658876
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307
reference_id 916307
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307
6
reference_url https://security.archlinux.org/ASA-201901-15
reference_id ASA-201901-15
reference_type
scores
url https://security.archlinux.org/ASA-201901-15
7
reference_url https://security.archlinux.org/AVG-836
reference_id AVG-836
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-836
8
reference_url https://access.redhat.com/errata/RHSA-2019:1436
reference_id RHSA-2019:1436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1436
9
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20103
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48er-rqvk-nyhg
5
url VCID-537v-ugyf-17e2
vulnerability_id VCID-537v-ugyf-17e2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003014
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19777
published_at 2026-04-21T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19818
published_at 2026-04-01T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.19964
published_at 2026-04-02T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20022
published_at 2026-04-04T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19749
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19829
published_at 2026-04-08T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19882
published_at 2026-04-09T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.19891
published_at 2026-04-11T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.19847
published_at 2026-04-12T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.1979
published_at 2026-04-13T12:55:00Z
10
value 0.00064
scoring_system epss
scoring_elements 0.19762
published_at 2026-04-16T12:55:00Z
11
value 0.00064
scoring_system epss
scoring_elements 0.19765
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003014
4
reference_url https://github.com/jenkinsci/config-file-provider-plugin
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin
5
reference_url https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f
6
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1671324
reference_id 1671324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1671324
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003014
reference_id CVE-2019-1003014
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003014
11
reference_url https://github.com/advisories/GHSA-pmc5-74w3-78mw
reference_id GHSA-pmc5-74w3-78mw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmc5-74w3-78mw
fixed_packages
aliases CVE-2019-1003014, GHSA-pmc5-74w3-78mw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-537v-ugyf-17e2
6
url VCID-6ncw-2m21-t3bg
vulnerability_id VCID-6ncw-2m21-t3bg
summary A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000866
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.69917
published_at 2026-04-21T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.69823
published_at 2026-04-01T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.69835
published_at 2026-04-02T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.6985
published_at 2026-04-04T12:55:00Z
4
value 0.00615
scoring_system epss
scoring_elements 0.69827
published_at 2026-04-07T12:55:00Z
5
value 0.00615
scoring_system epss
scoring_elements 0.69876
published_at 2026-04-08T12:55:00Z
6
value 0.00615
scoring_system epss
scoring_elements 0.69891
published_at 2026-04-09T12:55:00Z
7
value 0.00615
scoring_system epss
scoring_elements 0.69914
published_at 2026-04-11T12:55:00Z
8
value 0.00615
scoring_system epss
scoring_elements 0.69899
published_at 2026-04-12T12:55:00Z
9
value 0.00615
scoring_system epss
scoring_elements 0.69885
published_at 2026-04-13T12:55:00Z
10
value 0.00615
scoring_system epss
scoring_elements 0.69926
published_at 2026-04-16T12:55:00Z
11
value 0.00615
scoring_system epss
scoring_elements 0.69935
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000866
4
reference_url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
reference_id
reference_type
scores
url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
5
reference_url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
6
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d
7
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38
8
reference_url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
reference_id 1647059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000866
reference_id CVE-2018-1000866
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000866
11
reference_url https://github.com/advisories/GHSA-gqhm-4h93-rrhg
reference_id GHSA-gqhm-4h93-rrhg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqhm-4h93-rrhg
fixed_packages
aliases CVE-2018-1000866, GHSA-gqhm-4h93-rrhg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ncw-2m21-t3bg
7
url VCID-8575-gsc8-xkd6
vulnerability_id VCID-8575-gsc8-xkd6
summary 
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability exists in Jenkins Git Plugin in `src/main/java/hudson/plugins/git/GitTagAction.java` allowing attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003010
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.70877
published_at 2026-04-21T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.70819
published_at 2026-04-04T12:55:00Z
2
value 0.00651
scoring_system epss
scoring_elements 0.70794
published_at 2026-04-07T12:55:00Z
3
value 0.00651
scoring_system epss
scoring_elements 0.70837
published_at 2026-04-08T12:55:00Z
4
value 0.00651
scoring_system epss
scoring_elements 0.70853
published_at 2026-04-09T12:55:00Z
5
value 0.00651
scoring_system epss
scoring_elements 0.70876
published_at 2026-04-11T12:55:00Z
6
value 0.00651
scoring_system epss
scoring_elements 0.7086
published_at 2026-04-12T12:55:00Z
7
value 0.00651
scoring_system epss
scoring_elements 0.70845
published_at 2026-04-13T12:55:00Z
8
value 0.00651
scoring_system epss
scoring_elements 0.70891
published_at 2026-04-16T12:55:00Z
9
value 0.00651
scoring_system epss
scoring_elements 0.70897
published_at 2026-04-18T12:55:00Z
10
value 0.00651
scoring_system epss
scoring_elements 0.70786
published_at 2026-04-01T12:55:00Z
11
value 0.00651
scoring_system epss
scoring_elements 0.708
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003010
4
reference_url https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767
5
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670292
reference_id 1670292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670292
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003010
reference_id CVE-2019-1003010
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003010
10
reference_url https://github.com/advisories/GHSA-r8rw-xx57-m64q
reference_id GHSA-r8rw-xx57-m64q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8rw-xx57-m64q
fixed_packages
aliases CVE-2019-1003010, GHSA-r8rw-xx57-m64q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8575-gsc8-xkd6
8
url VCID-8e1s-dgj6-vyfq
vulnerability_id VCID-8e1s-dgj6-vyfq
summary haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20615
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37523
published_at 2026-04-01T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.3759
published_at 2026-04-21T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37625
published_at 2026-04-13T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37672
published_at 2026-04-16T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37654
published_at 2026-04-18T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37705
published_at 2026-04-02T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.3773
published_at 2026-04-04T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37609
published_at 2026-04-07T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.3766
published_at 2026-04-08T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37673
published_at 2026-04-09T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37687
published_at 2026-04-11T12:55:00Z
11
value 0.00166
scoring_system epss
scoring_elements 0.37653
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20615
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html
reference_id
reference_type
scores
url https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html
7
reference_url http://www.securityfocus.com/bid/106645
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106645
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663060
reference_id 1663060
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663060
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
reference_id cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20615
reference_id CVE-2018-20615
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-20615
33
reference_url https://access.redhat.com/errata/RHSA-2019:0275
reference_id RHSA-2019:0275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0275
34
reference_url https://access.redhat.com/errata/RHSA-2019:0547
reference_id RHSA-2019:0547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0547
35
reference_url https://access.redhat.com/errata/RHSA-2019:0548
reference_id RHSA-2019:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0548
36
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20615
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1s-dgj6-vyfq
9
url VCID-a6ur-dzqs-hfge
vulnerability_id VCID-a6ur-dzqs-hfge
summary 
Code Injection
A sandbox bypass vulnerability exists in Script Security Plugin that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003000
reference_id
reference_type
scores
0
value 0.94343
scoring_system epss
scoring_elements 0.99955
published_at 2026-04-21T12:55:00Z
1
value 0.94441
scoring_system epss
scoring_elements 0.9999
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003000
5
reference_url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
6
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
7
reference_url https://www.exploit-db.com/exploits/46453
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46453
8
reference_url https://www.exploit-db.com/exploits/46453/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46453/
9
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
10
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
11
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1667566
reference_id 1667566
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1667566
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003000
reference_id CVE-2019-1003000
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003000
16
reference_url https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
17
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt
19
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb
20
reference_url https://github.com/advisories/GHSA-784j-h234-m56x
reference_id GHSA-784j-h234-m56x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-784j-h234-m56x
fixed_packages
aliases CVE-2019-1003000, GHSA-784j-h234-m56x
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6ur-dzqs-hfge
10
url VCID-bmfa-vgay-2fbt
vulnerability_id VCID-bmfa-vgay-2fbt
summary 
Cross-Site Request Forgery (CSRF)
A data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003012
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.36116
published_at 2026-04-21T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.36295
published_at 2026-04-04T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.3613
published_at 2026-04-07T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.36179
published_at 2026-04-08T12:55:00Z
4
value 0.00154
scoring_system epss
scoring_elements 0.36197
published_at 2026-04-09T12:55:00Z
5
value 0.00154
scoring_system epss
scoring_elements 0.36203
published_at 2026-04-11T12:55:00Z
6
value 0.00154
scoring_system epss
scoring_elements 0.36166
published_at 2026-04-12T12:55:00Z
7
value 0.00154
scoring_system epss
scoring_elements 0.3614
published_at 2026-04-13T12:55:00Z
8
value 0.00154
scoring_system epss
scoring_elements 0.36182
published_at 2026-04-16T12:55:00Z
9
value 0.00154
scoring_system epss
scoring_elements 0.36167
published_at 2026-04-18T12:55:00Z
10
value 0.00154
scoring_system epss
scoring_elements 0.36066
published_at 2026-04-01T12:55:00Z
11
value 0.00154
scoring_system epss
scoring_elements 0.36261
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003012
4
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce
5
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670298
reference_id 1670298
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670298
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003012
reference_id CVE-2019-1003012
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003012
10
reference_url https://github.com/advisories/GHSA-qxh5-5r5p-5gvf
reference_id GHSA-qxh5-5r5p-5gvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxh5-5r5p-5gvf
fixed_packages
aliases CVE-2019-1003012, GHSA-qxh5-5r5p-5gvf
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmfa-vgay-2fbt
11
url VCID-cf29-8rvn-kfbd
vulnerability_id VCID-cf29-8rvn-kfbd
summary 
Insufficient Session Expiration
An improper authorization vulnerability exists in Jenkins in `core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java` that allows attackers with `Overall/RunScripts` permission to craft Remember Me cookies that would never expire, allowing to persist access to temporarily compromised user accounts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003003
reference_id
reference_type
scores
0
value 0.01946
scoring_system epss
scoring_elements 0.83481
published_at 2026-04-16T12:55:00Z
1
value 0.01946
scoring_system epss
scoring_elements 0.83446
published_at 2026-04-13T12:55:00Z
2
value 0.01946
scoring_system epss
scoring_elements 0.8345
published_at 2026-04-12T12:55:00Z
3
value 0.01946
scoring_system epss
scoring_elements 0.83457
published_at 2026-04-11T12:55:00Z
4
value 0.01946
scoring_system epss
scoring_elements 0.83442
published_at 2026-04-09T12:55:00Z
5
value 0.01946
scoring_system epss
scoring_elements 0.83432
published_at 2026-04-08T12:55:00Z
6
value 0.01946
scoring_system epss
scoring_elements 0.83408
published_at 2026-04-07T12:55:00Z
7
value 0.01946
scoring_system epss
scoring_elements 0.83409
published_at 2026-04-04T12:55:00Z
8
value 0.01946
scoring_system epss
scoring_elements 0.83394
published_at 2026-04-02T12:55:00Z
9
value 0.01946
scoring_system epss
scoring_elements 0.83381
published_at 2026-04-01T12:55:00Z
10
value 0.01946
scoring_system epss
scoring_elements 0.83484
published_at 2026-04-21T12:55:00Z
11
value 0.01946
scoring_system epss
scoring_elements 0.83483
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003003
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454
5
reference_url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
6
reference_url https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680
7
reference_url http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106680
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668345
reference_id 1668345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668345
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003003
reference_id CVE-2019-1003003
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003003
13
reference_url https://github.com/advisories/GHSA-6rh5-23hx-j452
reference_id GHSA-6rh5-23hx-j452
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rh5-23hx-j452
fixed_packages
aliases CVE-2019-1003003, GHSA-6rh5-23hx-j452
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf29-8rvn-kfbd
12
url VCID-gmw4-qd6z-aqht
vulnerability_id VCID-gmw4-qd6z-aqht
summary 
Cross-site Scripting
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003013
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.18955
published_at 2026-04-21T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19222
published_at 2026-04-04T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.18938
published_at 2026-04-07T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19017
published_at 2026-04-08T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19071
published_at 2026-04-09T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19077
published_at 2026-04-11T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.1903
published_at 2026-04-12T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.18978
published_at 2026-04-13T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.18932
published_at 2026-04-16T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.18946
published_at 2026-04-18T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19035
published_at 2026-04-01T12:55:00Z
11
value 0.00061
scoring_system epss
scoring_elements 0.1917
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003013
4
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57
5
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670299
reference_id 1670299
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670299
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003013
reference_id CVE-2019-1003013
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003013
10
reference_url https://github.com/advisories/GHSA-7fjr-5hph-c2mh
reference_id GHSA-7fjr-5hph-c2mh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fjr-5hph-c2mh
fixed_packages
aliases CVE-2019-1003013, GHSA-7fjr-5hph-c2mh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmw4-qd6z-aqht
13
url VCID-qdk1-p4qg-p3ar
vulnerability_id VCID-qdk1-p4qg-p3ar
summary 
Improper Input Validation
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin which allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003011
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68159
published_at 2026-04-21T12:55:00Z
1
value 0.00556
scoring_system epss
scoring_elements 0.68106
published_at 2026-04-04T12:55:00Z
2
value 0.00556
scoring_system epss
scoring_elements 0.68084
published_at 2026-04-07T12:55:00Z
3
value 0.00556
scoring_system epss
scoring_elements 0.68135
published_at 2026-04-08T12:55:00Z
4
value 0.00556
scoring_system epss
scoring_elements 0.6815
published_at 2026-04-09T12:55:00Z
5
value 0.00556
scoring_system epss
scoring_elements 0.68175
published_at 2026-04-11T12:55:00Z
6
value 0.00556
scoring_system epss
scoring_elements 0.68161
published_at 2026-04-12T12:55:00Z
7
value 0.00556
scoring_system epss
scoring_elements 0.68128
published_at 2026-04-13T12:55:00Z
8
value 0.00556
scoring_system epss
scoring_elements 0.68165
published_at 2026-04-16T12:55:00Z
9
value 0.00556
scoring_system epss
scoring_elements 0.68177
published_at 2026-04-18T12:55:00Z
10
value 0.00556
scoring_system epss
scoring_elements 0.68065
published_at 2026-04-01T12:55:00Z
11
value 0.00556
scoring_system epss
scoring_elements 0.68087
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003011
4
reference_url https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a
5
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670296
reference_id 1670296
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670296
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003011
reference_id CVE-2019-1003011
reference_type
scores
0
value 5.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003011
10
reference_url https://github.com/advisories/GHSA-23h9-m55m-c5jp
reference_id GHSA-23h9-m55m-c5jp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23h9-m55m-c5jp
fixed_packages
aliases CVE-2019-1003011, GHSA-23h9-m55m-c5jp
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdk1-p4qg-p3ar
14
url VCID-uyuv-7nbj-zfcp
vulnerability_id VCID-uyuv-7nbj-zfcp
summary 
Insufficient Session Expiration
An improper authorization vulnerability exists in Jenkins in `core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java` that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003004
reference_id
reference_type
scores
0
value 0.01743
scoring_system epss
scoring_elements 0.82561
published_at 2026-04-21T12:55:00Z
1
value 0.01743
scoring_system epss
scoring_elements 0.82479
published_at 2026-04-04T12:55:00Z
2
value 0.01743
scoring_system epss
scoring_elements 0.82476
published_at 2026-04-07T12:55:00Z
3
value 0.01743
scoring_system epss
scoring_elements 0.82503
published_at 2026-04-08T12:55:00Z
4
value 0.01743
scoring_system epss
scoring_elements 0.8251
published_at 2026-04-09T12:55:00Z
5
value 0.01743
scoring_system epss
scoring_elements 0.82529
published_at 2026-04-11T12:55:00Z
6
value 0.01743
scoring_system epss
scoring_elements 0.82525
published_at 2026-04-12T12:55:00Z
7
value 0.01743
scoring_system epss
scoring_elements 0.8252
published_at 2026-04-13T12:55:00Z
8
value 0.01743
scoring_system epss
scoring_elements 0.82557
published_at 2026-04-18T12:55:00Z
9
value 0.01743
scoring_system epss
scoring_elements 0.82447
published_at 2026-04-01T12:55:00Z
10
value 0.01743
scoring_system epss
scoring_elements 0.82462
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003004
3
reference_url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
4
reference_url http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106680
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668736
reference_id 1668736
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668736
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003004
reference_id CVE-2019-1003004
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003004
10
reference_url https://github.com/advisories/GHSA-8qxp-g8jv-p37x
reference_id GHSA-8qxp-g8jv-p37x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qxp-g8jv-p37x
fixed_packages
aliases CVE-2019-1003004, GHSA-8qxp-g8jv-p37x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuv-7nbj-zfcp
15
url VCID-ygq7-sv7h-7fax
vulnerability_id VCID-ygq7-sv7h-7fax
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/errata/RHBA-2019:0327
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0327
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003002
reference_id
reference_type
scores
0
value 0.93454
scoring_system epss
scoring_elements 0.99822
published_at 2026-04-21T12:55:00Z
1
value 0.93454
scoring_system epss
scoring_elements 0.99818
published_at 2026-04-04T12:55:00Z
2
value 0.93454
scoring_system epss
scoring_elements 0.99819
published_at 2026-04-09T12:55:00Z
3
value 0.93454
scoring_system epss
scoring_elements 0.9982
published_at 2026-04-13T12:55:00Z
4
value 0.93454
scoring_system epss
scoring_elements 0.99821
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003002
5
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92
6
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
7
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
8
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
9
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1669508
reference_id 1669508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1669508
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\:_declarative:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:pipeline\:_declarative:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\:_declarative:*:*:*:*:*:jenkins:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003002
reference_id CVE-2019-1003002
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003002
14
reference_url https://github.com/advisories/GHSA-x6jx-cxg3-mggh
reference_id GHSA-x6jx-cxg3-mggh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x6jx-cxg3-mggh
fixed_packages
aliases CVE-2019-1003002, GHSA-x6jx-cxg3-mggh
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygq7-sv7h-7fax
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.82-1.git.1673.133961e%3Farch=el7