Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins@2.387.1.1680701869-1?arch=el8
Typerpm
Namespaceredhat
Namejenkins
Version2.387.1.1680701869-1
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-6xjw-mcru-1qcm
vulnerability_id VCID-6xjw-mcru-1qcm
summary 
Incorrect Authorization
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20685
published_at 2026-06-09T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20807
published_at 2026-06-05T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20794
published_at 2026-06-06T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.2075
published_at 2026-06-07T12:55:00Z
4
value 0.00066
scoring_system epss
scoring_elements 0.2068
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:49:07Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
reference_id 2177632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
reference_id CVE-2023-27903
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
7
reference_url https://github.com/advisories/GHSA-584m-7r4m-8j6v
reference_id GHSA-584m-7r4m-8j6v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-584m-7r4m-8j6v
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
12
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
16
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-27903, GHSA-584m-7r4m-8j6v
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjw-mcru-1qcm
1
url VCID-e367-ugxk-juhe
vulnerability_id VCID-e367-ugxk-juhe
summary spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31692.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31692
reference_id
reference_type
scores
0
value 0.07387
scoring_system epss
scoring_elements 0.9189
published_at 2026-06-09T12:55:00Z
1
value 0.07387
scoring_system epss
scoring_elements 0.91865
published_at 2026-06-04T12:55:00Z
2
value 0.07387
scoring_system epss
scoring_elements 0.91877
published_at 2026-06-05T12:55:00Z
3
value 0.07387
scoring_system epss
scoring_elements 0.91879
published_at 2026-06-06T12:55:00Z
4
value 0.07387
scoring_system epss
scoring_elements 0.91876
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31692
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31692
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31692
4
reference_url https://security.netapp.com/advisory/ntap-20221215-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221215-0010
5
reference_url https://tanzu.vmware.com/security/cve-2022-31692
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-06T15:52:10Z/
url https://tanzu.vmware.com/security/cve-2022-31692
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162206
reference_id 2162206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162206
7
reference_url https://github.com/advisories/GHSA-mmmh-wcxm-2wr4
reference_id GHSA-mmmh-wcxm-2wr4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmmh-wcxm-2wr4
8
reference_url https://security.netapp.com/advisory/ntap-20221215-0010/
reference_id ntap-20221215-0010
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-06T15:52:10Z/
url https://security.netapp.com/advisory/ntap-20221215-0010/
9
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
fixed_packages
aliases CVE-2022-31692, GHSA-mmmh-wcxm-2wr4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e367-ugxk-juhe
2
url VCID-gj2j-bkb4-v3gt
vulnerability_id VCID-gj2j-bkb4-v3gt
summary 
Generation of Error Message Containing Sensitive Information
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.6614
published_at 2026-06-08T12:55:00Z
1
value 0.00495
scoring_system epss
scoring_elements 0.66158
published_at 2026-06-09T12:55:00Z
2
value 0.00495
scoring_system epss
scoring_elements 0.66168
published_at 2026-06-06T12:55:00Z
3
value 0.00495
scoring_system epss
scoring_elements 0.66152
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:51:08Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
reference_id 2177634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
reference_id CVE-2023-27904
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
7
reference_url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
reference_id GHSA-rrgp-c2w8-6vg6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
13
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
14
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
15
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-27904, GHSA-rrgp-c2w8-6vg6
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gj2j-bkb4-v3gt
3
url VCID-nskz-6rkk-j7ak
vulnerability_id VCID-nskz-6rkk-j7ak
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27898.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27898.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27898
reference_id
reference_type
scores
0
value 0.02384
scoring_system epss
scoring_elements 0.85313
published_at 2026-06-09T12:55:00Z
1
value 0.02384
scoring_system epss
scoring_elements 0.85314
published_at 2026-06-07T12:55:00Z
2
value 0.02384
scoring_system epss
scoring_elements 0.8532
published_at 2026-06-06T12:55:00Z
3
value 0.02384
scoring_system epss
scoring_elements 0.853
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27898
2
reference_url https://github.com/jenkinsci/jenkins/commit/59ac866d9946d7c296023da0ea78baafd4cf71eb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/59ac866d9946d7c296023da0ea78baafd4cf71eb
3
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:33:39Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177629
reference_id 2177629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177629
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27898
reference_id CVE-2023-27898
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27898
6
reference_url https://github.com/advisories/GHSA-j664-qhh4-hpf8
reference_id GHSA-j664-qhh4-hpf8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j664-qhh4-hpf8
7
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
8
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2023-27898, GHSA-j664-qhh4-hpf8
risk_score 4.3
exploitability 0.5
weighted_severity 8.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nskz-6rkk-j7ak
4
url VCID-tvny-r91j-67ht
vulnerability_id VCID-tvny-r91j-67ht
summary 
Incorrect Authorization
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27899.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27899.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27899
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11393
published_at 2026-06-09T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11499
published_at 2026-06-05T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11496
published_at 2026-06-06T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11462
published_at 2026-06-07T12:55:00Z
4
value 0.00037
scoring_system epss
scoring_elements 0.11381
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27899
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-28T18:35:20Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177626
reference_id 2177626
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177626
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27899
reference_id CVE-2023-27899
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27899
7
reference_url https://github.com/advisories/GHSA-hf9h-vv4m-2f33
reference_id GHSA-hf9h-vv4m-2f33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hf9h-vv4m-2f33
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2023-27899, GHSA-hf9h-vv4m-2f33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvny-r91j-67ht
5
url VCID-wgr8-7pnz-sbay
vulnerability_id VCID-wgr8-7pnz-sbay
summary spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31690
reference_id
reference_type
scores
0
value 0.00313
scoring_system epss
scoring_elements 0.54808
published_at 2026-06-09T12:55:00Z
1
value 0.00313
scoring_system epss
scoring_elements 0.54746
published_at 2026-06-04T12:55:00Z
2
value 0.00313
scoring_system epss
scoring_elements 0.54804
published_at 2026-06-05T12:55:00Z
3
value 0.00313
scoring_system epss
scoring_elements 0.54814
published_at 2026-06-06T12:55:00Z
4
value 0.00313
scoring_system epss
scoring_elements 0.54807
published_at 2026-06-07T12:55:00Z
5
value 0.00313
scoring_system epss
scoring_elements 0.54787
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31690
2
reference_url https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31690
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31690
4
reference_url https://security.netapp.com/advisory/ntap-20221215-0010
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221215-0010
5
reference_url https://tanzu.vmware.com/security/cve-2022-31690
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/
url https://tanzu.vmware.com/security/cve-2022-31690
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162200
reference_id 2162200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162200
7
reference_url https://github.com/advisories/GHSA-32vj-v39g-jh23
reference_id GHSA-32vj-v39g-jh23
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32vj-v39g-jh23
8
reference_url https://security.netapp.com/advisory/ntap-20221215-0010/
reference_id ntap-20221215-0010
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/
url https://security.netapp.com/advisory/ntap-20221215-0010/
9
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
10
reference_url https://access.redhat.com/errata/RHSA-2023:1286
reference_id RHSA-2023:1286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1286
11
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
12
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
fixed_packages
aliases CVE-2022-31690, GHSA-32vj-v39g-jh23
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgr8-7pnz-sbay
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.387.1.1680701869-1%3Farch=el8