Look up vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.340
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.340
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.346.1
Latest_non_vulnerable_version 2.555
Affected_by_vulnerabilities
0
url VCID-1h9x-56rp-j7ch
vulnerability_id VCID-1h9x-56rp-j7ch
summary
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped.

No Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34173
reference_id
reference_type
scores
0
value 0.09062
scoring_system epss
scoring_elements 0.92664
published_at 2026-04-24T12:55:00Z
1
value 0.09062
scoring_system epss
scoring_elements 0.92662
published_at 2026-04-21T12:55:00Z
2
value 0.09062
scoring_system epss
scoring_elements 0.92658
published_at 2026-04-18T12:55:00Z
3
value 0.09062
scoring_system epss
scoring_elements 0.92659
published_at 2026-04-16T12:55:00Z
4
value 0.09062
scoring_system epss
scoring_elements 0.92645
published_at 2026-04-13T12:55:00Z
5
value 0.11821
scoring_system epss
scoring_elements 0.937
published_at 2026-04-04T12:55:00Z
6
value 0.11821
scoring_system epss
scoring_elements 0.93689
published_at 2026-04-02T12:55:00Z
7
value 0.11821
scoring_system epss
scoring_elements 0.93703
published_at 2026-04-07T12:55:00Z
8
value 0.11821
scoring_system epss
scoring_elements 0.93712
published_at 2026-04-08T12:55:00Z
9
value 0.11821
scoring_system epss
scoring_elements 0.93714
published_at 2026-04-09T12:55:00Z
10
value 0.11821
scoring_system epss
scoring_elements 0.93719
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34173
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34173
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34173
4
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119652
reference_id 2119652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119652
6
reference_url https://github.com/advisories/GHSA-6g4r-q7qg-6qx6
reference_id GHSA-6g4r-q7qg-6qx6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6g4r-q7qg-6qx6
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
aliases CVE-2022-34173, GHSA-6g4r-q7qg-6qx6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h9x-56rp-j7ch
1
url VCID-uwfz-czcp-qyd9
vulnerability_id VCID-uwfz-czcp-qyd9
summary
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters.

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34172
reference_id
reference_type
scores
0
value 0.04819
scoring_system epss
scoring_elements 0.89533
published_at 2026-04-24T12:55:00Z
1
value 0.04819
scoring_system epss
scoring_elements 0.89518
published_at 2026-04-21T12:55:00Z
2
value 0.04819
scoring_system epss
scoring_elements 0.89521
published_at 2026-04-18T12:55:00Z
3
value 0.04819
scoring_system epss
scoring_elements 0.8952
published_at 2026-04-16T12:55:00Z
4
value 0.04819
scoring_system epss
scoring_elements 0.89506
published_at 2026-04-13T12:55:00Z
5
value 0.06403
scoring_system epss
scoring_elements 0.90998
published_at 2026-04-04T12:55:00Z
6
value 0.06403
scoring_system epss
scoring_elements 0.90989
published_at 2026-04-02T12:55:00Z
7
value 0.06403
scoring_system epss
scoring_elements 0.91008
published_at 2026-04-07T12:55:00Z
8
value 0.06403
scoring_system epss
scoring_elements 0.91021
published_at 2026-04-08T12:55:00Z
9
value 0.06403
scoring_system epss
scoring_elements 0.91026
published_at 2026-04-09T12:55:00Z
10
value 0.06403
scoring_system epss
scoring_elements 0.91035
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34172
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34172
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34172
4
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119650
reference_id 2119650
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119650
6
reference_url https://github.com/advisories/GHSA-mhp7-3393-pfqr
reference_id GHSA-mhp7-3393-pfqr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhp7-3393-pfqr
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
aliases CVE-2022-34172, GHSA-mhp7-3393-pfqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwfz-czcp-qyd9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.340