Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1
Typemaven
Namespaceorg.jenkins-ci.main
Namejenkins-core
Version2.32.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.45
Latest_non_vulnerable_version2.555
Affected_by_vulnerabilities
0
url VCID-1gnc-b5tg-3fhe
vulnerability_id VCID-1gnc-b5tg-3fhe
summary 
Inadequate Encryption Strength
Jenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2598
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18412
published_at 2026-04-26T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18429
published_at 2026-04-24T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18532
published_at 2026-04-21T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18512
published_at 2026-04-18T12:55:00Z
4
value 0.00059
scoring_system epss
scoring_elements 0.18503
published_at 2026-04-16T12:55:00Z
5
value 0.00059
scoring_system epss
scoring_elements 0.18522
published_at 2026-04-07T12:55:00Z
6
value 0.00059
scoring_system epss
scoring_elements 0.18654
published_at 2026-04-09T12:55:00Z
7
value 0.00059
scoring_system epss
scoring_elements 0.1875
published_at 2026-04-02T12:55:00Z
8
value 0.00059
scoring_system epss
scoring_elements 0.18804
published_at 2026-04-04T12:55:00Z
9
value 0.00059
scoring_system epss
scoring_elements 0.18601
published_at 2026-04-08T12:55:00Z
10
value 0.00059
scoring_system epss
scoring_elements 0.1856
published_at 2026-04-13T12:55:00Z
11
value 0.00059
scoring_system epss
scoring_elements 0.18611
published_at 2026-04-12T12:55:00Z
12
value 0.00059
scoring_system epss
scoring_elements 0.18659
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2598
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95948
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95948
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418696
reference_id 1418696
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418696
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2598
reference_id CVE-2017-2598
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2598
12
reference_url https://github.com/advisories/GHSA-r9q2-3r6x-qmgp
reference_id GHSA-r9q2-3r6x-qmgp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r9q2-3r6x-qmgp
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2598, GHSA-r9q2-3r6x-qmgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gnc-b5tg-3fhe
1
url VCID-6cw8-67c2-1ugk
vulnerability_id VCID-6cw8-67c2-1ugk
summary 
Information Exposure
Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2606
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.2369
published_at 2026-04-26T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23701
published_at 2026-04-24T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23819
published_at 2026-04-21T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23839
published_at 2026-04-18T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.2385
published_at 2026-04-16T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23838
published_at 2026-04-13T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23807
published_at 2026-04-07T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.2392
published_at 2026-04-09T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23874
published_at 2026-04-08T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.23983
published_at 2026-04-02T12:55:00Z
10
value 0.00081
scoring_system epss
scoring_elements 0.24023
published_at 2026-04-04T12:55:00Z
11
value 0.00081
scoring_system epss
scoring_elements 0.23893
published_at 2026-04-12T12:55:00Z
12
value 0.00081
scoring_system epss
scoring_elements 0.23937
published_at 2026-04-11T12:55:00Z
13
value 0.00081
scoring_system epss
scoring_elements 0.23864
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2606
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95962
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95962
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418717
reference_id 1418717
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418717
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2606
reference_id CVE-2017-2606
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2606
12
reference_url https://github.com/advisories/GHSA-6967-9vvv-4cmm
reference_id GHSA-6967-9vvv-4cmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6967-9vvv-4cmm
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2606, GHSA-6967-9vvv-4cmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cw8-67c2-1ugk
2
url VCID-8u35-jee9-5qes
vulnerability_id VCID-8u35-jee9-5qes
summary 
Information Exposure
In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2600
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10086
published_at 2026-04-26T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10106
published_at 2026-04-24T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10131
published_at 2026-04-21T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10002
published_at 2026-04-18T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.10025
published_at 2026-04-16T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.10152
published_at 2026-04-13T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.10171
published_at 2026-04-09T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.10077
published_at 2026-04-02T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.10137
published_at 2026-04-04T12:55:00Z
9
value 0.00034
scoring_system epss
scoring_elements 0.10035
published_at 2026-04-07T12:55:00Z
10
value 0.00034
scoring_system epss
scoring_elements 0.10111
published_at 2026-04-08T12:55:00Z
11
value 0.00034
scoring_system epss
scoring_elements 0.09952
published_at 2026-04-01T12:55:00Z
12
value 0.00034
scoring_system epss
scoring_elements 0.10172
published_at 2026-04-12T12:55:00Z
13
value 0.00034
scoring_system epss
scoring_elements 0.10211
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2600
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95954
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95954
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418703
reference_id 1418703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418703
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2600
reference_id CVE-2017-2600
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2600
12
reference_url https://github.com/advisories/GHSA-wj5c-j656-h5fw
reference_id GHSA-wj5c-j656-h5fw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wj5c-j656-h5fw
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2600, GHSA-wj5c-j656-h5fw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8u35-jee9-5qes
3
url VCID-fndu-scdw-jueh
vulnerability_id VCID-fndu-scdw-jueh
summary 
Improper Authentication
In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2604
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24882
published_at 2026-04-26T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.24893
published_at 2026-04-24T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.2495
published_at 2026-04-21T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.24978
published_at 2026-04-18T12:55:00Z
4
value 0.00087
scoring_system epss
scoring_elements 0.24986
published_at 2026-04-16T12:55:00Z
5
value 0.00087
scoring_system epss
scoring_elements 0.25009
published_at 2026-04-08T12:55:00Z
6
value 0.00087
scoring_system epss
scoring_elements 0.25128
published_at 2026-04-02T12:55:00Z
7
value 0.00087
scoring_system epss
scoring_elements 0.25168
published_at 2026-04-04T12:55:00Z
8
value 0.00087
scoring_system epss
scoring_elements 0.24941
published_at 2026-04-07T12:55:00Z
9
value 0.00087
scoring_system epss
scoring_elements 0.25054
published_at 2026-04-09T12:55:00Z
10
value 0.00087
scoring_system epss
scoring_elements 0.24974
published_at 2026-04-13T12:55:00Z
11
value 0.00087
scoring_system epss
scoring_elements 0.25051
published_at 2026-04-01T12:55:00Z
12
value 0.00087
scoring_system epss
scoring_elements 0.25028
published_at 2026-04-12T12:55:00Z
13
value 0.00087
scoring_system epss
scoring_elements 0.25068
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2604
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95959
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95959
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418714
reference_id 1418714
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418714
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2604
reference_id CVE-2017-2604
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2604
11
reference_url https://github.com/advisories/GHSA-m93h-5qmx-pphg
reference_id GHSA-m93h-5qmx-pphg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m93h-5qmx-pphg
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2604, GHSA-m93h-5qmx-pphg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fndu-scdw-jueh
4
url VCID-kbj2-ymsz-5qe8
vulnerability_id VCID-kbj2-ymsz-5qe8
summary 
Information Exposure
Jenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2603
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06426
published_at 2026-04-26T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06402
published_at 2026-04-24T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06388
published_at 2026-04-21T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06239
published_at 2026-04-18T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06209
published_at 2026-04-07T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06292
published_at 2026-04-09T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06196
published_at 2026-04-02T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06228
published_at 2026-04-04T12:55:00Z
8
value 0.00023
scoring_system epss
scoring_elements 0.06251
published_at 2026-04-08T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06227
published_at 2026-04-16T12:55:00Z
10
value 0.00023
scoring_system epss
scoring_elements 0.06268
published_at 2026-04-13T12:55:00Z
11
value 0.00023
scoring_system epss
scoring_elements 0.06162
published_at 2026-04-01T12:55:00Z
12
value 0.00023
scoring_system epss
scoring_elements 0.06279
published_at 2026-04-12T12:55:00Z
13
value 0.00023
scoring_system epss
scoring_elements 0.06283
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2603
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95955
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95955
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418713
reference_id 1418713
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418713
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2603
reference_id CVE-2017-2603
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
1
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
2
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
4
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2603
11
reference_url https://github.com/advisories/GHSA-x55p-6526-xmmp
reference_id GHSA-x55p-6526-xmmp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x55p-6526-xmmp
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2603, GHSA-x55p-6526-xmmp
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbj2-ymsz-5qe8
5
url VCID-kzfk-8p92-3bgs
vulnerability_id VCID-kzfk-8p92-3bgs
summary 
Cross-site Scripting
Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2607
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14614
published_at 2026-04-26T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14616
published_at 2026-04-24T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.14715
published_at 2026-04-11T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.14801
published_at 2026-04-04T12:55:00Z
4
value 0.00047
scoring_system epss
scoring_elements 0.14607
published_at 2026-04-07T12:55:00Z
5
value 0.00047
scoring_system epss
scoring_elements 0.14696
published_at 2026-04-08T12:55:00Z
6
value 0.00047
scoring_system epss
scoring_elements 0.14755
published_at 2026-04-09T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.14586
published_at 2026-04-21T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.1452
published_at 2026-04-18T12:55:00Z
9
value 0.00047
scoring_system epss
scoring_elements 0.14676
published_at 2026-04-01T12:55:00Z
10
value 0.00047
scoring_system epss
scoring_elements 0.14513
published_at 2026-04-16T12:55:00Z
11
value 0.00047
scoring_system epss
scoring_elements 0.14622
published_at 2026-04-13T12:55:00Z
12
value 0.00047
scoring_system epss
scoring_elements 0.14677
published_at 2026-04-12T12:55:00Z
13
value 0.00047
scoring_system epss
scoring_elements 0.14727
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2607
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url http://www.securityfocus.com/bid/95963
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95963
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418719
reference_id 1418719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418719
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2607
reference_id CVE-2017-2607
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2607
9
reference_url https://github.com/advisories/GHSA-42m6-7xff-9v9m
reference_id GHSA-42m6-7xff-9v9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42m6-7xff-9v9m
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2607, GHSA-42m6-7xff-9v9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzfk-8p92-3bgs
6
url VCID-q58h-d9w2-8yez
vulnerability_id VCID-q58h-d9w2-8yez
summary 
Information Exposure
Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2602
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37247
published_at 2026-04-26T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37268
published_at 2026-04-24T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37488
published_at 2026-04-21T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37553
published_at 2026-04-18T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37572
published_at 2026-04-16T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37525
published_at 2026-04-13T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37558
published_at 2026-04-08T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37571
published_at 2026-04-09T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37606
published_at 2026-04-02T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37629
published_at 2026-04-04T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37507
published_at 2026-04-07T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.3744
published_at 2026-04-01T12:55:00Z
12
value 0.00165
scoring_system epss
scoring_elements 0.37551
published_at 2026-04-12T12:55:00Z
13
value 0.00165
scoring_system epss
scoring_elements 0.37585
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2602
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95952
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95952
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418711
reference_id 1418711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418711
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2602
reference_id CVE-2017-2602
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2602
12
reference_url https://github.com/advisories/GHSA-ffgg-vphh-v273
reference_id GHSA-ffgg-vphh-v273
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffgg-vphh-v273
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2602, GHSA-ffgg-vphh-v273
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q58h-d9w2-8yez
7
url VCID-rhrm-caa2-9kae
vulnerability_id VCID-rhrm-caa2-9kae
summary 
Improper Privilege Management
Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2599
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37106
published_at 2026-04-26T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.37542
published_at 2026-04-04T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.3737
published_at 2026-04-07T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37421
published_at 2026-04-08T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37433
published_at 2026-04-09T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37446
published_at 2026-04-11T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37411
published_at 2026-04-12T12:55:00Z
7
value 0.00164
scoring_system epss
scoring_elements 0.37384
published_at 2026-04-13T12:55:00Z
8
value 0.00164
scoring_system epss
scoring_elements 0.3743
published_at 2026-04-16T12:55:00Z
9
value 0.00164
scoring_system epss
scoring_elements 0.37412
published_at 2026-04-18T12:55:00Z
10
value 0.00164
scoring_system epss
scoring_elements 0.37357
published_at 2026-04-21T12:55:00Z
11
value 0.00164
scoring_system epss
scoring_elements 0.37138
published_at 2026-04-24T12:55:00Z
12
value 0.00164
scoring_system epss
scoring_elements 0.37354
published_at 2026-04-01T12:55:00Z
13
value 0.00164
scoring_system epss
scoring_elements 0.37518
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2599
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.securityfocus.com/bid/95949
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95949
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418698
reference_id 1418698
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418698
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2599
reference_id CVE-2017-2599
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2599
10
reference_url https://github.com/advisories/GHSA-7r4h-2h23-6jq9
reference_id GHSA-7r4h-2h23-6jq9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r4h-2h23-6jq9
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2599, GHSA-7r4h-2h23-6jq9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhrm-caa2-9kae
8
url VCID-sanw-xj8r-1kbb
vulnerability_id VCID-sanw-xj8r-1kbb
summary 
Information Exposure
The re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000362
reference_id
reference_type
scores
0
value 0.01234
scoring_system epss
scoring_elements 0.79259
published_at 2026-04-26T12:55:00Z
1
value 0.01234
scoring_system epss
scoring_elements 0.79145
published_at 2026-04-01T12:55:00Z
2
value 0.01234
scoring_system epss
scoring_elements 0.79151
published_at 2026-04-02T12:55:00Z
3
value 0.01234
scoring_system epss
scoring_elements 0.79176
published_at 2026-04-04T12:55:00Z
4
value 0.01234
scoring_system epss
scoring_elements 0.79162
published_at 2026-04-07T12:55:00Z
5
value 0.01234
scoring_system epss
scoring_elements 0.79187
published_at 2026-04-08T12:55:00Z
6
value 0.01234
scoring_system epss
scoring_elements 0.79195
published_at 2026-04-13T12:55:00Z
7
value 0.01234
scoring_system epss
scoring_elements 0.79219
published_at 2026-04-21T12:55:00Z
8
value 0.01234
scoring_system epss
scoring_elements 0.79204
published_at 2026-04-12T12:55:00Z
9
value 0.01234
scoring_system epss
scoring_elements 0.79221
published_at 2026-04-16T12:55:00Z
10
value 0.01234
scoring_system epss
scoring_elements 0.79218
published_at 2026-04-18T12:55:00Z
11
value 0.01234
scoring_system epss
scoring_elements 0.79253
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000362
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85
4
reference_url https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418716
reference_id 1418716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418716
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000362
reference_id CVE-2017-1000362
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000362
9
reference_url https://github.com/advisories/GHSA-92mr-4w2q-4578
reference_id GHSA-92mr-4w2q-4578
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92mr-4w2q-4578
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-1000362, GHSA-92mr-4w2q-4578
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sanw-xj8r-1kbb
9
url VCID-v2ky-wpb2-6qhk
vulnerability_id VCID-v2ky-wpb2-6qhk
summary 
Cross-site Scripting
Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2601
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55762
published_at 2026-04-26T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.55745
published_at 2026-04-24T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55843
published_at 2026-04-18T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.55801
published_at 2026-04-13T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55819
published_at 2026-04-21T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.55839
published_at 2026-04-16T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.5583
published_at 2026-04-09T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.55662
published_at 2026-04-01T12:55:00Z
8
value 0.00328
scoring_system epss
scoring_elements 0.55774
published_at 2026-04-02T12:55:00Z
9
value 0.00328
scoring_system epss
scoring_elements 0.55827
published_at 2026-04-08T12:55:00Z
10
value 0.00328
scoring_system epss
scoring_elements 0.55796
published_at 2026-04-04T12:55:00Z
11
value 0.00328
scoring_system epss
scoring_elements 0.55776
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2601
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/12/5
8
reference_url http://www.openwall.com/lists/oss-security/2022/05/17/8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/17/8
9
reference_url http://www.openwall.com/lists/oss-security/2022/06/22/3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/22/3
10
reference_url http://www.openwall.com/lists/oss-security/2022/06/30/3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/30/3
11
reference_url http://www.openwall.com/lists/oss-security/2022/10/19/3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/10/19/3
12
reference_url http://www.securityfocus.com/bid/95960
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95960
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418707
reference_id 1418707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418707
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2601
reference_id CVE-2017-2601
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2601
17
reference_url https://github.com/advisories/GHSA-r69c-5j7c-vm6q
reference_id GHSA-r69c-5j7c-vm6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r69c-5j7c-vm6q
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
aliases CVE-2017-2601, GHSA-r69c-5j7c-vm6q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ky-wpb2-6qhk
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1