Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.335
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.335
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.346.1
Latest_non_vulnerable_version 2.555
Affected_by_vulnerabilities
0
url VCID-5k7u-6rmq-tyb5
vulnerability_id VCID-5k7u-6rmq-tyb5
summary
Unauthorized view fragment access in Jenkins
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content.

Before [SECURITY-534](https://www.jenkins.io/security/advisory/2019-07-17/#SECURITY-534) was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.

In Jenkins 2.335 through 2.355 (both inclusive), the protection added for SECURITY-534 is disabled for some views. As a result, attackers could in very limited cases directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.

As of publication, the Jenkins security team is unaware of any vulnerable view fragment across the Jenkins plugin ecosystem.

Jenkins 2.356 restores the protection for affected views.

No Jenkins LTS release is affected by this issue, as it was not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34175.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34175
reference_id
reference_type
scores
0
value 0.03089
scoring_system epss
scoring_elements 0.86826
published_at 2026-04-29T12:55:00Z
1
value 0.03089
scoring_system epss
scoring_elements 0.86819
published_at 2026-04-24T12:55:00Z
2
value 0.03089
scoring_system epss
scoring_elements 0.86803
published_at 2026-04-21T12:55:00Z
3
value 0.03089
scoring_system epss
scoring_elements 0.86806
published_at 2026-04-18T12:55:00Z
4
value 0.03089
scoring_system epss
scoring_elements 0.86801
published_at 2026-04-16T12:55:00Z
5
value 0.03089
scoring_system epss
scoring_elements 0.86786
published_at 2026-04-13T12:55:00Z
6
value 0.04136
scoring_system epss
scoring_elements 0.88625
published_at 2026-04-04T12:55:00Z
7
value 0.04136
scoring_system epss
scoring_elements 0.88609
published_at 2026-04-02T12:55:00Z
8
value 0.04136
scoring_system epss
scoring_elements 0.88627
published_at 2026-04-07T12:55:00Z
9
value 0.04136
scoring_system epss
scoring_elements 0.88645
published_at 2026-04-08T12:55:00Z
10
value 0.04136
scoring_system epss
scoring_elements 0.8865
published_at 2026-04-09T12:55:00Z
11
value 0.04136
scoring_system epss
scoring_elements 0.88662
published_at 2026-04-11T12:55:00Z
12
value 0.04136
scoring_system epss
scoring_elements 0.88654
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34175
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/37bd66a43ad561f670db7440f493d69518741d27
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/37bd66a43ad561f670db7440f493d69518741d27
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34175
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34175
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119655
reference_id 2119655
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119655
7
reference_url https://github.com/advisories/GHSA-p3rc-946h-8cf5
reference_id GHSA-p3rc-946h-8cf5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3rc-946h-8cf5
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
aliases CVE-2022-34175, GHSA-p3rc-946h-8cf5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k7u-6rmq-tyb5
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.335