Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/nodejs-string-length@1.0.1-1?arch=el7aos
Typerpm
Namespaceredhat
Namenodejs-string-length
Version1.0.1-1
Qualifiers
arch el7aos
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-126z-y9y8-zqhx
vulnerability_id VCID-126z-y9y8-zqhx
summary 
Jenkins does not Verify Checksums for Plugin Files
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7539
reference_id
reference_type
scores
0
value 0.00768
scoring_system epss
scoring_elements 0.73851
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7539
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb
6
reference_url https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4
7
reference_url https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf
8
reference_url https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e
9
reference_url https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295
10
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1291798
reference_id 1291798
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1291798
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7539
reference_id CVE-2015-7539
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7539
13
reference_url https://github.com/advisories/GHSA-x274-9m9r-fm5g
reference_id GHSA-x274-9m9r-fm5g
reference_type
scores
url https://github.com/advisories/GHSA-x274-9m9r-fm5g
14
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-7539, GHSA-x274-9m9r-fm5g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-126z-y9y8-zqhx
1
url VCID-1dxn-ck3w-97a2
vulnerability_id VCID-1dxn-ck3w-97a2
summary 
Jenkins Vulnerable to Denial of Service (DoS)
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1808
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38681
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1808
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205623
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205623
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1808
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1808
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
8
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1808, GHSA-3rwx-3vwh-mwxc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dxn-ck3w-97a2
2
url VCID-44e7-q5az-kfdd
vulnerability_id VCID-44e7-q5az-kfdd
summary 
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3667
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3667
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3667
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17622
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3667
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147770
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147770
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3667
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3667
9
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
fixed_packages
aliases CVE-2014-3667, GHSA-5xm3-48v5-6h7v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44e7-q5az-kfdd
3
url VCID-4swh-vw4s-2kd3
vulnerability_id VCID-4swh-vw4s-2kd3
summary 
Jenkins Denial of Service vulnerability
CVE-2014-3661 jenkins: denial of service (SECURITY-87)
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3661
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.362
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3661
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147758
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147758
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
6
reference_url https://access.redhat.com/security/cve/CVE-2014-3661
reference_id CVE-2014-3661
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3661
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3661
reference_id CVE-2014-3661
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3661
8
reference_url https://github.com/advisories/GHSA-r5m2-g5gc-q43r
reference_id GHSA-r5m2-g5gc-q43r
reference_type
scores
url https://github.com/advisories/GHSA-r5m2-g5gc-q43r
fixed_packages
aliases CVE-2014-3661, GHSA-r5m2-g5gc-q43r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4swh-vw4s-2kd3
4
url VCID-6wp5-caas-v3a7
vulnerability_id VCID-6wp5-caas-v3a7
summary The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://access.redhat.com/errata/RHSA-2016:0351
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0351
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1905.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1905.json
3
reference_url https://access.redhat.com/security/cve/CVE-2016-1905
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2016-1905
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1905
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.4667
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1905
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1297910
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1297910
6
reference_url https://github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22
7
reference_url https://github.com/kubernetes/kubernetes/issues/19479
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/19479
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1905
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1905
fixed_packages
aliases CVE-2016-1905, GHSA-xx8c-m748-xr4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wp5-caas-v3a7
5
url VCID-aapq-z1px-pqaz
vulnerability_id VCID-aapq-z1px-pqaz
summary 
Jenkins allows for Privilege Escalation by Remote Authenticated Users
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1806
reference_id
reference_type
scores
0
value 0.00639
scoring_system epss
scoring_elements 0.70924
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1806
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205620
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205620
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1806
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1806
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
8
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1806, GHSA-mm9c-4cv4-7rfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aapq-z1px-pqaz
6
url VCID-ab4r-frnk-mqcc
vulnerability_id VCID-ab4r-frnk-mqcc
summary 
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7538
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46426
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7538
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1
6
reference_url https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1291797
reference_id 1291797
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1291797
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7538
reference_id CVE-2015-7538
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7538
10
reference_url https://github.com/advisories/GHSA-w7qm-fprw-cqgq
reference_id GHSA-w7qm-fprw-cqgq
reference_type
scores
url https://github.com/advisories/GHSA-w7qm-fprw-cqgq
11
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-7538, GHSA-w7qm-fprw-cqgq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ab4r-frnk-mqcc
7
url VCID-bx69-k68h-3fbx
vulnerability_id VCID-bx69-k68h-3fbx
summary 
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7537
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60887
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7537
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1291795
reference_id 1291795
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1291795
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7537
reference_id CVE-2015-7537
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7537
9
reference_url https://github.com/advisories/GHSA-3vhr-f5xr-8vpx
reference_id GHSA-3vhr-f5xr-8vpx
reference_type
scores
url https://github.com/advisories/GHSA-3vhr-f5xr-8vpx
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-7537, GHSA-3vhr-f5xr-8vpx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bx69-k68h-3fbx
8
url VCID-cbvn-5xsf-fybd
vulnerability_id VCID-cbvn-5xsf-fybd
summary Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://access.redhat.com/errata/RHSA-2016:0351
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0351
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1906.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1906.json
3
reference_url https://access.redhat.com/security/cve/CVE-2016-1906
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2016-1906
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1906
reference_id
reference_type
scores
0
value 0.02541
scoring_system epss
scoring_elements 0.85739
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1906
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1297916
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1297916
6
reference_url https://github.com/openshift/origin/commit/d95ec085f03ecf10e8c424a4f0340ddb38891406
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openshift/origin/commit/d95ec085f03ecf10e8c424a4f0340ddb38891406
7
reference_url https://github.com/openshift/origin/issues/6556
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openshift/origin/issues/6556
8
reference_url https://github.com/openshift/origin/pull/6576
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openshift/origin/pull/6576
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1906
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1906
10
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906
fixed_packages
aliases CVE-2016-1906, GHSA-m3fm-h5jp-q79p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbvn-5xsf-fybd
9
url VCID-cyyt-dv19-aqgz
vulnerability_id VCID-cyyt-dv19-aqgz
summary 
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5320
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.3057
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5320
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282363
reference_id 1282363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282363
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5320
reference_id CVE-2015-5320
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5320
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
8
reference_url https://github.com/advisories/GHSA-449q-v4j2-5h8p
reference_id GHSA-449q-v4j2-5h8p
reference_type
scores
url https://github.com/advisories/GHSA-449q-v4j2-5h8p
9
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5320, GHSA-449q-v4j2-5h8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyyt-dv19-aqgz
10
url VCID-e4rm-kjnr-kbd7
vulnerability_id VCID-e4rm-kjnr-kbd7
summary Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1869
reference_id
reference_type
scores
0
value 0.00599
scoring_system epss
scoring_elements 0.69809
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1869
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063099
reference_id 1063099
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063099
fixed_packages
aliases CVE-2014-1869
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4rm-kjnr-kbd7
11
url VCID-f2vg-xm25-ekd1
vulnerability_id VCID-f2vg-xm25-ekd1
summary 
Arbitrary file upload via deserialization
The DiskFileItem class in this package allows remote attackers to write to arbitrary files via a `NULL` byte in a file name in a serialized instance.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1448.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1448.html
4
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2186.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2186.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2186
reference_id
reference_type
scores
0
value 0.87099
scoring_system epss
scoring_elements 0.9946
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2186
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
10
reference_url https://github.com/apache/commons-fileupload
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload
11
reference_url https://github.com/apache/commons-fileupload/blob/master/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload/blob/master/RELEASE-NOTES.txt
12
reference_url https://github.com/apache/commons-fileupload/commit/163a6061fbc077d4b6e4787d26857c2baba495d1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload/commit/163a6061fbc077d4b6e4787d26857c2baba495d1
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2186
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2186
14
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
15
reference_url https://www.tenable.com/security/research/tra-2016-23
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/research/tra-2016-23
16
reference_url http://ubuntu.com/usn/usn-2029-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-2029-1
17
reference_url http://www.debian.org/security/2013/dsa-2827
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2827
18
reference_url http://www.securityfocus.com/bid/63174
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/63174
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601
reference_id 726601
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=974814
reference_id 974814
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=974814
21
reference_url https://access.redhat.com/security/cve/CVE-2013-2186
reference_id CVE-2013-2186
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2013-2186
22
reference_url https://access.redhat.com/errata/RHSA-2013:1428
reference_id RHSA-2013:1428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1428
23
reference_url https://access.redhat.com/errata/RHSA-2013:1429
reference_id RHSA-2013:1429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1429
24
reference_url https://access.redhat.com/errata/RHSA-2013:1430
reference_id RHSA-2013:1430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1430
25
reference_url https://access.redhat.com/errata/RHSA-2013:1442
reference_id RHSA-2013:1442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1442
26
reference_url https://access.redhat.com/errata/RHSA-2013:1448
reference_id RHSA-2013:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1448
fixed_packages
aliases CVE-2013-2186, GHSA-qx6h-9567-5fqw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2vg-xm25-ekd1
12
url VCID-gmne-mnta-7khy
vulnerability_id VCID-gmne-mnta-7khy
summary 
Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5324
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37059
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5324
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5
6
reference_url https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4
7
reference_url https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282367
reference_id 1282367
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282367
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5324
reference_id CVE-2015-5324
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5324
10
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
11
reference_url https://github.com/advisories/GHSA-5xmf-9vgr-53mj
reference_id GHSA-5xmf-9vgr-53mj
reference_type
scores
url https://github.com/advisories/GHSA-5xmf-9vgr-53mj
12
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5324, GHSA-5xmf-9vgr-53mj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmne-mnta-7khy
13
url VCID-hdq6-1f1k-r7d7
vulnerability_id VCID-hdq6-1f1k-r7d7
summary 
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1812
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44024
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1812
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205615
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205615
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8
7
reference_url https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8
8
reference_url https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1812
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1812
10
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
11
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1812, GHSA-w5v7-q2j4-fvpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq6-1f1k-r7d7
14
url VCID-hzw1-bfa6-47au
vulnerability_id VCID-hzw1-bfa6-47au
summary 
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5318
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22798
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5318
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282361
reference_id 1282361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282361
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5318
reference_id CVE-2015-5318
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5318
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-3wmv-7php-rhg5
reference_id GHSA-3wmv-7php-rhg5
reference_type
scores
url https://github.com/advisories/GHSA-3wmv-7php-rhg5
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5318, GHSA-3wmv-7php-rhg5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzw1-bfa6-47au
15
url VCID-jj3u-n2vy-5fe8
vulnerability_id VCID-jj3u-n2vy-5fe8
summary 
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5317
reference_id
reference_type
scores
0
value 0.39696
scoring_system epss
scoring_elements 0.9739
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5317
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282359
reference_id 1282359
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282359
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5317
reference_id CVE-2015-5317
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5317
9
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
10
reference_url https://github.com/advisories/GHSA-8pqx-3rxx-f5pm
reference_id GHSA-8pqx-3rxx-f5pm
reference_type
scores
url https://github.com/advisories/GHSA-8pqx-3rxx-f5pm
11
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5317, GHSA-8pqx-3rxx-f5pm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jj3u-n2vy-5fe8
16
url VCID-jr67-gaw6-8kef
vulnerability_id VCID-jr67-gaw6-8kef
summary 
Jenkins has Local File Inclusion Vulnerability
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5322
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37201
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5322
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282365
reference_id 1282365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282365
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5322
reference_id CVE-2015-5322
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5322
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-89vc-7frq-2rfj
reference_id GHSA-89vc-7frq-2rfj
reference_type
scores
url https://github.com/advisories/GHSA-89vc-7frq-2rfj
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5322, GHSA-89vc-7frq-2rfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr67-gaw6-8kef
17
url VCID-jutz-hc8r-vqbg
vulnerability_id VCID-jutz-hc8r-vqbg
summary 
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3663
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3663
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.2045
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3663
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147764
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147764
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3663
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
fixed_packages
aliases CVE-2014-3663, GHSA-64mc-2m9p-23c8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jutz-hc8r-vqbg
18
url VCID-k313-wjg2-wbaw
vulnerability_id VCID-k313-wjg2-wbaw
summary 
Jenkins allows for Privilege Escalation by Remote Authenticated Users
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1814
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.4719
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1814
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205616
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205616
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1814
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1814
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
9
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1814, GHSA-3269-jqp5-v8c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k313-wjg2-wbaw
19
url VCID-kupx-qgas-r7fz
vulnerability_id VCID-kupx-qgas-r7fz
summary 
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5326
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25775
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5326
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282369
reference_id 1282369
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282369
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5326
reference_id CVE-2015-5326
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5326
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-5mwr-jg3r-jv66
reference_id GHSA-5mwr-jg3r-jv66
reference_type
scores
url https://github.com/advisories/GHSA-5mwr-jg3r-jv66
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5326, GHSA-5mwr-jg3r-jv66
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kupx-qgas-r7fz
20
url VCID-p8y3-m68e-xfgn
vulnerability_id VCID-p8y3-m68e-xfgn
summary 
Jenkins Path Traversal vulnerability
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3664
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3664
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3664
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41046
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3664
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147765
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147765
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3664
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3664
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
fixed_packages
aliases CVE-2014-3664, GHSA-3gp5-92h5-h855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8y3-m68e-xfgn
21
url VCID-pnyj-k2gy-6kc6
vulnerability_id VCID-pnyj-k2gy-6kc6
summary 
Deserialization of Untrusted Data
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
references
0
reference_url http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
1
reference_url http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
3
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8103
reference_id
reference_type
scores
0
value 0.86333
scoring_system epss
scoring_elements 0.99421
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8103
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b
8
reference_url https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c
9
reference_url https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
10
reference_url https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636
11
reference_url https://www.exploit-db.com/exploits/38983
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/38983
12
reference_url https://www.exploit-db.com/exploits/38983/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/38983/
13
reference_url http://www.openwall.com/lists/oss-security/2015/11/09/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/11/09/5
14
reference_url http://www.openwall.com/lists/oss-security/2015/11/18/11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/11/18/11
15
reference_url http://www.openwall.com/lists/oss-security/2015/11/18/13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/11/18/13
16
reference_url http://www.openwall.com/lists/oss-security/2015/11/18/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/11/18/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282371
reference_id 1282371
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282371
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8103
reference_id CVE-2015-8103
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8103
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb
20
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
21
reference_url https://github.com/advisories/GHSA-wfw7-6632-xcv2
reference_id GHSA-wfw7-6632-xcv2
reference_type
scores
url https://github.com/advisories/GHSA-wfw7-6632-xcv2
22
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-8103, GHSA-wfw7-6632-xcv2
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnyj-k2gy-6kc6
22
url VCID-prkz-18vj-huam
vulnerability_id VCID-prkz-18vj-huam
summary 
Jenkins allows for Code Execution via Crafted Packet to the CLI
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3666
reference_id
reference_type
scores
0
value 0.01213
scoring_system epss
scoring_elements 0.7933
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3666
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3666
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3666
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147769
reference_id 1147769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1147769
fixed_packages
aliases CVE-2014-3666, GHSA-fvfh-8mj3-23xj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prkz-18vj-huam
23
url VCID-px15-mdvh-8ybg
vulnerability_id VCID-px15-mdvh-8ybg
summary 
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1813
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44024
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1813
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205615
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205615
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1813
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1813
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
9
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1813, GHSA-9h85-v6xf-h26q
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px15-mdvh-8ybg
24
url VCID-qjvu-1kem-h3d8
vulnerability_id VCID-qjvu-1kem-h3d8
summary 
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3680.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3680.json
2
reference_url https://access.redhat.com/security/cve/CVE-2014-3680
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3680
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3680
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22739
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3680
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148645
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1148645
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3680
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3680
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
fixed_packages
aliases CVE-2014-3680, GHSA-8x8p-mfwv-9fjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjvu-1kem-h3d8
25
url VCID-qrku-1znm-6ken
vulnerability_id VCID-qrku-1znm-6ken
summary 
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3681
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.4837
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3681
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147766
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147766
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
7
reference_url https://access.redhat.com/security/cve/CVE-2014-3681
reference_id CVE-2014-3681
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3681
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3681
reference_id CVE-2014-3681
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3681
9
reference_url https://github.com/advisories/GHSA-cwh9-f8m6-6r63
reference_id GHSA-cwh9-f8m6-6r63
reference_type
scores
url https://github.com/advisories/GHSA-cwh9-f8m6-6r63
fixed_packages
aliases CVE-2014-3681, GHSA-cwh9-f8m6-6r63
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrku-1znm-6ken
26
url VCID-qtrn-g5ck-d3gs
vulnerability_id VCID-qtrn-g5ck-d3gs
summary 
Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5321
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.3057
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5321
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a
6
reference_url https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282364
reference_id 1282364
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282364
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5321
reference_id CVE-2015-5321
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5321
9
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
10
reference_url https://github.com/advisories/GHSA-4653-rmch-3g2g
reference_id GHSA-4653-rmch-3g2g
reference_type
scores
url https://github.com/advisories/GHSA-4653-rmch-3g2g
11
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5321, GHSA-4653-rmch-3g2g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtrn-g5ck-d3gs
27
url VCID-s7kj-9zkw-ubdm
vulnerability_id VCID-s7kj-9zkw-ubdm
summary jenkins: directory traversal from artifacts via symlink (SECURITY-162)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1807
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1807
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205622
reference_id 1205622
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1205622
3
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1807
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7kj-9zkw-ubdm
28
url VCID-ss6w-thk4-7fd3
vulnerability_id VCID-ss6w-thk4-7fd3
summary 
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1844.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1844.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1810
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.6309
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1810
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205627
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205627
5
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1810
reference_id CVE-2015-1810
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1810
8
reference_url https://github.com/advisories/GHSA-37wm-28rm-56vw
reference_id GHSA-37wm-28rm-56vw
reference_type
scores
url https://github.com/advisories/GHSA-37wm-28rm-56vw
9
reference_url https://access.redhat.com/errata/RHSA-2015:1844
reference_id RHSA-2015:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1844
fixed_packages
aliases CVE-2015-1810, GHSA-37wm-28rm-56vw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss6w-thk4-7fd3
29
url VCID-swpw-2zw3-d3hy
vulnerability_id VCID-swpw-2zw3-d3hy
summary 
Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5325
reference_id
reference_type
scores
0
value 0.00086
scoring_system epss
scoring_elements 0.24778
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5325
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282368
reference_id 1282368
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282368
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5325
reference_id CVE-2015-5325
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5325
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-x2q2-8pwq-fr5r
reference_id GHSA-x2q2-8pwq-fr5r
reference_type
scores
url https://github.com/advisories/GHSA-x2q2-8pwq-fr5r
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5325, GHSA-x2q2-8pwq-fr5r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swpw-2zw3-d3hy
30
url VCID-uxkw-sxe4-gffs
vulnerability_id VCID-uxkw-sxe4-gffs
summary 
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5319
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39743
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5319
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282362
reference_id 1282362
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282362
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5319
reference_id CVE-2015-5319
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5319
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-3j9c-cp7m-8w8g
reference_id GHSA-3j9c-cp7m-8w8g
reference_type
scores
url https://github.com/advisories/GHSA-3j9c-cp7m-8w8g
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5319, GHSA-3j9c-cp7m-8w8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxkw-sxe4-gffs
31
url VCID-vuwz-whaq-rybd
vulnerability_id VCID-vuwz-whaq-rybd
summary 
Jenkins allows Administrators to Access API Tokens
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0489.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0489.html
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5323
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37244
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5323
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1282366
reference_id 1282366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1282366
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5323
reference_id CVE-2015-5323
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5323
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id CVE-2015-8103;OSVDB-130184
reference_type exploit
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
9
reference_url https://github.com/advisories/GHSA-x4m5-j4x4-4wjg
reference_id GHSA-x4m5-j4x4-4wjg
reference_type
scores
url https://github.com/advisories/GHSA-x4m5-j4x4-4wjg
10
reference_url https://access.redhat.com/errata/RHSA-2016:0489
reference_id RHSA-2016:0489
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0489
fixed_packages
aliases CVE-2015-5323, GHSA-x4m5-j4x4-4wjg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vuwz-whaq-rybd
32
url VCID-wbmv-s3gz-xfe4
vulnerability_id VCID-wbmv-s3gz-xfe4
summary 
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3662
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3662
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3662
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28403
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3662
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147759
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147759
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3662
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3662
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
fixed_packages
aliases CVE-2014-3662, GHSA-fxqr-px2m-fvc2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbmv-s3gz-xfe4
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs-string-length@1.0.1-1%3Farch=el7aos