Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.main/jenkins-core@2.320
Typemaven
Namespaceorg.jenkins-ci.main
Namejenkins-core
Version2.320
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.330
Latest_non_vulnerable_version2.555
Affected_by_vulnerabilities
0
url VCID-gua8-x599-fqad
vulnerability_id VCID-gua8-x599-fqad
summary 
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955).

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the feature name in help icon tooltips is now escaped.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34170
reference_id
reference_type
scores
0
value 0.03786
scoring_system epss
scoring_elements 0.881
published_at 2026-04-24T12:55:00Z
1
value 0.03786
scoring_system epss
scoring_elements 0.88082
published_at 2026-04-21T12:55:00Z
2
value 0.03786
scoring_system epss
scoring_elements 0.88085
published_at 2026-04-16T12:55:00Z
3
value 0.03786
scoring_system epss
scoring_elements 0.88072
published_at 2026-04-13T12:55:00Z
4
value 0.05054
scoring_system epss
scoring_elements 0.89738
published_at 2026-04-02T12:55:00Z
5
value 0.05054
scoring_system epss
scoring_elements 0.89752
published_at 2026-04-04T12:55:00Z
6
value 0.05054
scoring_system epss
scoring_elements 0.89754
published_at 2026-04-07T12:55:00Z
7
value 0.05054
scoring_system epss
scoring_elements 0.89771
published_at 2026-04-08T12:55:00Z
8
value 0.05054
scoring_system epss
scoring_elements 0.89778
published_at 2026-04-09T12:55:00Z
9
value 0.05054
scoring_system epss
scoring_elements 0.89784
published_at 2026-04-11T12:55:00Z
10
value 0.05054
scoring_system epss
scoring_elements 0.89782
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34170
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34170
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34170
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119648
reference_id 2119648
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119648
7
reference_url https://github.com/advisories/GHSA-62wf-24c4-8r76
reference_id GHSA-62wf-24c4-8r76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62wf-24c4-8r76
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.332.4
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.332.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.332.4
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.346.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.346.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.346.1
2
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
aliases CVE-2022-34170, GHSA-62wf-24c4-8r76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gua8-x599-fqad
1
url VCID-vq51-xhq4-d7dj
vulnerability_id VCID-vq51-xhq4-d7dj
summary 
Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins allows attackers to trigger build of job without parameters when no security realm is set.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-20612.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-20612.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-20612
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.4196
published_at 2026-04-24T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.4202
published_at 2026-04-21T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.4209
published_at 2026-04-18T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42117
published_at 2026-04-16T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42066
published_at 2026-04-13T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42091
published_at 2026-04-12T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.42078
published_at 2026-04-02T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42017
published_at 2026-04-01T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.42128
published_at 2026-04-11T12:55:00Z
9
value 0.002
scoring_system epss
scoring_elements 0.42094
published_at 2026-04-08T12:55:00Z
10
value 0.002
scoring_system epss
scoring_elements 0.42042
published_at 2026-04-07T12:55:00Z
11
value 0.002
scoring_system epss
scoring_elements 0.42106
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-20612
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/b5c3764681f3b4ce83d0e78f6a9327925640d57e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b5c3764681f3b4ce83d0e78f6a9327925640d57e
4
reference_url https://www.jenkins.io/changelog-stable/#v2.319.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/changelog-stable/#v2.319.2
5
reference_url https://www.jenkins.io/changelog/#v2.330
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/changelog/#v2.330
6
reference_url https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url http://www.openwall.com/lists/oss-security/2022/01/12/6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/12/6
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2044460
reference_id 2044460
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2044460
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-20612
reference_id CVE-2022-20612
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-20612
11
reference_url https://github.com/advisories/GHSA-p92q-7fhh-mq35
reference_id GHSA-p92q-7fhh-mq35
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p92q-7fhh-mq35
12
reference_url https://access.redhat.com/errata/RHSA-2022:0339
reference_id RHSA-2022:0339
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0339
13
reference_url https://access.redhat.com/errata/RHSA-2022:0483
reference_id RHSA-2022:0483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0483
14
reference_url https://access.redhat.com/errata/RHSA-2022:0491
reference_id RHSA-2022:0491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0491
15
reference_url https://access.redhat.com/errata/RHSA-2022:0555
reference_id RHSA-2022:0555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0555
16
reference_url https://access.redhat.com/errata/RHSA-2022:0565
reference_id RHSA-2022:0565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0565
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.330
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.330
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.330
aliases CVE-2022-20612, GHSA-p92q-7fhh-mq35
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq51-xhq4-d7dj
2
url VCID-wrub-pwdz-qkhz
vulnerability_id VCID-wrub-pwdz-qkhz
summary 
Deserialization of Untrusted Data
Jenkins defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0538.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0538.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0538
reference_id
reference_type
scores
0
value 0.00575
scoring_system epss
scoring_elements 0.68827
published_at 2026-04-24T12:55:00Z
1
value 0.00575
scoring_system epss
scoring_elements 0.68698
published_at 2026-04-07T12:55:00Z
2
value 0.00575
scoring_system epss
scoring_elements 0.68749
published_at 2026-04-08T12:55:00Z
3
value 0.00575
scoring_system epss
scoring_elements 0.68769
published_at 2026-04-09T12:55:00Z
4
value 0.00575
scoring_system epss
scoring_elements 0.68791
published_at 2026-04-11T12:55:00Z
5
value 0.00575
scoring_system epss
scoring_elements 0.68777
published_at 2026-04-12T12:55:00Z
6
value 0.00575
scoring_system epss
scoring_elements 0.68748
published_at 2026-04-13T12:55:00Z
7
value 0.00575
scoring_system epss
scoring_elements 0.68789
published_at 2026-04-16T12:55:00Z
8
value 0.00575
scoring_system epss
scoring_elements 0.688
published_at 2026-04-18T12:55:00Z
9
value 0.00575
scoring_system epss
scoring_elements 0.68779
published_at 2026-04-21T12:55:00Z
10
value 0.00575
scoring_system epss
scoring_elements 0.68683
published_at 2026-04-01T12:55:00Z
11
value 0.00575
scoring_system epss
scoring_elements 0.68702
published_at 2026-04-02T12:55:00Z
12
value 0.00575
scoring_system epss
scoring_elements 0.6872
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0538
2
reference_url https://github.com/jenkinsci/jenkins/commit/8276aef4cc3dd81810fe6bdf6fa48141632c4636
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/8276aef4cc3dd81810fe6bdf6fa48141632c4636
3
reference_url https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602
4
reference_url http://www.openwall.com/lists/oss-security/2022/02/09/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/09/1
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052679
reference_id 2052679
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052679
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0538
reference_id CVE-2022-0538
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0538
7
reference_url https://github.com/advisories/GHSA-34wx-x2w9-vqm3
reference_id GHSA-34wx-x2w9-vqm3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34wx-x2w9-vqm3
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.334
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.334
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vgg4-g95a-gkey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.334
aliases CVE-2022-0538, GHSA-34wx-x2w9-vqm3
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrub-pwdz-qkhz
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.320