Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op
Typerpm
Namespaceredhat
Namejenkins-plugin-openshift
Version0.6.40.1-0
Qualifiers
arch el6op
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-23j3-mret-p3fu
vulnerability_id VCID-23j3-mret-p3fu
summary 
Jenkins allows attackers to configure restricted projects
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7330.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7330
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21229
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7330
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
4
reference_url https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c262
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c262
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7330
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7330
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
7
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067799
reference_id 1067799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067799
fixed_packages
aliases CVE-2013-7330, GHSA-h5jv-hg68-mjhg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23j3-mret-p3fu
1
url VCID-44e7-q5az-kfdd
vulnerability_id VCID-44e7-q5az-kfdd
summary 
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3667
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3667
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3667
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17622
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3667
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147770
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147770
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3667
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3667
9
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
10
reference_url https://github.com/advisories/GHSA-5xm3-48v5-6h7v
reference_id GHSA-5xm3-48v5-6h7v
reference_type
scores
url https://github.com/advisories/GHSA-5xm3-48v5-6h7v
fixed_packages
aliases CVE-2014-3667, GHSA-5xm3-48v5-6h7v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44e7-q5az-kfdd
2
url VCID-4swh-vw4s-2kd3
vulnerability_id VCID-4swh-vw4s-2kd3
summary 
Jenkins Denial of Service vulnerability
CVE-2014-3661 jenkins: denial of service (SECURITY-87)
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3661
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.362
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3661
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147758
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147758
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
6
reference_url https://access.redhat.com/security/cve/CVE-2014-3661
reference_id CVE-2014-3661
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3661
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3661
reference_id CVE-2014-3661
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3661
8
reference_url https://github.com/advisories/GHSA-r5m2-g5gc-q43r
reference_id GHSA-r5m2-g5gc-q43r
reference_type
scores
url https://github.com/advisories/GHSA-r5m2-g5gc-q43r
fixed_packages
aliases CVE-2014-3661, GHSA-r5m2-g5gc-q43r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4swh-vw4s-2kd3
3
url VCID-86yj-6jrx-audb
vulnerability_id VCID-86yj-6jrx-audb
summary 
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6372.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6372.json
2
reference_url https://access.redhat.com/security/cve/CVE-2013-6372
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-6372
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6372
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19298
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6372
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1032391
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1032391
5
reference_url https://github.com/jenkinsci/subversion-plugin
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/subversion-plugin
6
reference_url https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6372
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6372
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
9
reference_url https://github.com/advisories/GHSA-c4fr-gx5w-8qf2
reference_id GHSA-c4fr-gx5w-8qf2
reference_type
scores
url https://github.com/advisories/GHSA-c4fr-gx5w-8qf2
fixed_packages
aliases CVE-2013-6372, GHSA-c4fr-gx5w-8qf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86yj-6jrx-audb
4
url VCID-8du4-pguk-xufz
vulnerability_id VCID-8du4-pguk-xufz
summary OpenShift: /proc/net/tcp information disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3602
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15532
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3602
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131680
reference_id 1131680
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1131680
3
reference_url https://access.redhat.com/errata/RHSA-2014:1796
reference_id RHSA-2014:1796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1796
4
reference_url https://access.redhat.com/errata/RHSA-2014:1906
reference_id RHSA-2014:1906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1906
fixed_packages
aliases CVE-2014-3602
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8du4-pguk-xufz
5
url VCID-dyzn-kn37-9ub7
vulnerability_id VCID-dyzn-kn37-9ub7
summary 
Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2065
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33382
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2065
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2065
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2065
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067820
reference_id 1067820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067820
fixed_packages
aliases CVE-2014-2065, GHSA-fxj8-cqcp-3vgq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyzn-kn37-9ub7
6
url VCID-gngu-jj3a-8fhk
vulnerability_id VCID-gngu-jj3a-8fhk
summary 
Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2067
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.28848
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2067
2
reference_url http://seclists.org/oss-sec/2014/q1/421
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q1/421
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91354
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91354
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2067
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2067
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067832
reference_id 1067832
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067832
fixed_packages
aliases CVE-2014-2067, GHSA-vj6q-v2h7-6q5m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gngu-jj3a-8fhk
7
url VCID-jrar-ahy7-4ud5
vulnerability_id VCID-jrar-ahy7-4ud5
summary 
Jenkins directory traversal vulnerability
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2059
reference_id
reference_type
scores
0
value 0.01968
scoring_system epss
scoring_elements 0.83854
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2059
2
reference_url http://seclists.org/oss-sec/2014/q1/421
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q1/421
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91346
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91346
4
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
5
reference_url https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2059
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2059
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067801
reference_id 1067801
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067801
fixed_packages
aliases CVE-2014-2059, GHSA-v759-3fh9-84mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrar-ahy7-4ud5
8
url VCID-jutz-hc8r-vqbg
vulnerability_id VCID-jutz-hc8r-vqbg
summary 
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3663
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3663
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.2045
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3663
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147764
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147764
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3663
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3663
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
8
reference_url https://github.com/advisories/GHSA-64mc-2m9p-23c8
reference_id GHSA-64mc-2m9p-23c8
reference_type
scores
url https://github.com/advisories/GHSA-64mc-2m9p-23c8
fixed_packages
aliases CVE-2014-3663, GHSA-64mc-2m9p-23c8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jutz-hc8r-vqbg
9
url VCID-k36j-f4b3-8bfj
vulnerability_id VCID-k36j-f4b3-8bfj
summary 
Jenkin allows attackers to obtain passwords by reading the HTML source code
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2061
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52014
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2061
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2061
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2061
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067808
reference_id 1067808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067808
fixed_packages
aliases CVE-2014-2061, GHSA-rxfv-gm5x-9wqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k36j-f4b3-8bfj
10
url VCID-mq9r-9w5v-huca
vulnerability_id VCID-mq9r-9w5v-huca
summary 
Jenkins Monitoring Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3678.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3678.json
2
reference_url https://access.redhat.com/security/cve/CVE-2014-3678
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3678
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3678
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48982
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3678
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147760
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147760
5
reference_url https://github.com/jenkinsci/monitoring-plugin
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/monitoring-plugin
6
reference_url https://github.com/jenkinsci/monitoring-plugin/commit/f0f6aeef2032696c97d4b015dd51fa2b841b0473
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/monitoring-plugin/commit/f0f6aeef2032696c97d4b015dd51fa2b841b0473
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3678
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3678
8
reference_url https://wiki.jenkins-ci.org/display/JENKINS/Monitoring
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/JENKINS/Monitoring
9
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
10
reference_url https://github.com/advisories/GHSA-ghjw-fc9q-jj8c
reference_id GHSA-ghjw-fc9q-jj8c
reference_type
scores
url https://github.com/advisories/GHSA-ghjw-fc9q-jj8c
fixed_packages
aliases CVE-2014-3678, GHSA-ghjw-fc9q-jj8c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mq9r-9w5v-huca
11
url VCID-p8y3-m68e-xfgn
vulnerability_id VCID-p8y3-m68e-xfgn
summary 
Jenkins Path Traversal vulnerability
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3664
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3664
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3664
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41046
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3664
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147765
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147765
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3664
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3664
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
9
reference_url https://github.com/advisories/GHSA-3gp5-92h5-h855
reference_id GHSA-3gp5-92h5-h855
reference_type
scores
url https://github.com/advisories/GHSA-3gp5-92h5-h855
fixed_packages
aliases CVE-2014-3664, GHSA-3gp5-92h5-h855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8y3-m68e-xfgn
12
url VCID-pd5w-n7r7-b7g8
vulnerability_id VCID-pd5w-n7r7-b7g8
summary 
Jenkins allows Remote Attackers to Hijack Sessions
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2060
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34529
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2060
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2060
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2060
4
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
5
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067806
reference_id 1067806
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067806
7
reference_url https://github.com/advisories/GHSA-9c26-cf8c-mw43
reference_id GHSA-9c26-cf8c-mw43
reference_type
scores
url https://github.com/advisories/GHSA-9c26-cf8c-mw43
fixed_packages
aliases CVE-2014-2060, GHSA-9c26-cf8c-mw43
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5w-n7r7-b7g8
13
url VCID-prkz-18vj-huam
vulnerability_id VCID-prkz-18vj-huam
summary 
Jenkins allows for Code Execution via Crafted Packet to the CLI
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3666
reference_id
reference_type
scores
0
value 0.01213
scoring_system epss
scoring_elements 0.7933
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3666
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3666
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3666
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147769
reference_id 1147769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1147769
8
reference_url https://github.com/advisories/GHSA-fvfh-8mj3-23xj
reference_id GHSA-fvfh-8mj3-23xj
reference_type
scores
url https://github.com/advisories/GHSA-fvfh-8mj3-23xj
fixed_packages
aliases CVE-2014-3666, GHSA-fvfh-8mj3-23xj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prkz-18vj-huam
14
url VCID-qctz-vs9y-s7fr
vulnerability_id VCID-qctz-vs9y-s7fr
summary 
Jenkins allows Cross-Site Scripting (XSS) in User Configuration
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
references
0
reference_url http://packetstormsecurity.com/files/124513
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/124513
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-5573
reference_id
reference_type
scores
0
value 0.01627
scoring_system epss
scoring_elements 0.82209
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-5573
3
reference_url http://seclists.org/bugtraq/2013/Dec/104
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2013/Dec/104
4
reference_url http://seclists.org/fulldisclosure/2013/Dec/159
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Dec/159
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/89872
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/89872
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414
8
reference_url http://www.exploit-db.com/exploits/30408
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/30408
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1044976
reference_id 1044976
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1044976
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-5573
reference_id CVE-2013-5573
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-5573
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt
reference_id CVE-2013-5573;OSVDB-101187
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt
12
reference_url https://github.com/advisories/GHSA-52g6-pfrq-rxfv
reference_id GHSA-52g6-pfrq-rxfv
reference_type
scores
url https://github.com/advisories/GHSA-52g6-pfrq-rxfv
fixed_packages
aliases CVE-2013-5573, GHSA-52g6-pfrq-rxfv
risk_score 5.4
exploitability 2.0
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qctz-vs9y-s7fr
15
url VCID-qrku-1znm-6ken
vulnerability_id VCID-qrku-1znm-6ken
summary 
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3681
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.4837
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3681
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147766
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147766
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
7
reference_url https://access.redhat.com/security/cve/CVE-2014-3681
reference_id CVE-2014-3681
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3681
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3681
reference_id CVE-2014-3681
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3681
9
reference_url https://github.com/advisories/GHSA-cwh9-f8m6-6r63
reference_id GHSA-cwh9-f8m6-6r63
reference_type
scores
url https://github.com/advisories/GHSA-cwh9-f8m6-6r63
fixed_packages
aliases CVE-2014-3681, GHSA-cwh9-f8m6-6r63
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrku-1znm-6ken
16
url VCID-rczn-8mhg-r3gt
vulnerability_id VCID-rczn-8mhg-r3gt
summary 
Jenkins allows attackers to determine whether a user exists
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2064
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.60301
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2064
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2064
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2064
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067817
reference_id 1067817
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067817
fixed_packages
aliases CVE-2014-2064, GHSA-9vg9-x38g-9hfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rczn-8mhg-r3gt
17
url VCID-u5tc-wg7e-hugj
vulnerability_id VCID-u5tc-wg7e-hugj
summary 
Jenkins Vulnerable to Clickjacking
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2063
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62794
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2063
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2063
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2063
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067812
reference_id 1067812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067812
8
reference_url https://github.com/advisories/GHSA-w3f5-gq7j-m797
reference_id GHSA-w3f5-gq7j-m797
reference_type
scores
url https://github.com/advisories/GHSA-w3f5-gq7j-m797
fixed_packages
aliases CVE-2014-2063, GHSA-w3f5-gq7j-m797
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5tc-wg7e-hugj
18
url VCID-wbmv-s3gz-xfe4
vulnerability_id VCID-wbmv-s3gz-xfe4
summary 
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0070
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json
3
reference_url https://access.redhat.com/security/cve/CVE-2014-3662
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3662
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3662
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28403
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3662
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147759
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147759
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3662
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3662
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
8
reference_url https://github.com/advisories/GHSA-fxqr-px2m-fvc2
reference_id GHSA-fxqr-px2m-fvc2
reference_type
scores
url https://github.com/advisories/GHSA-fxqr-px2m-fvc2
fixed_packages
aliases CVE-2014-3662, GHSA-fxqr-px2m-fvc2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbmv-s3gz-xfe4
19
url VCID-ww5y-dfs2-ubef
vulnerability_id VCID-ww5y-dfs2-ubef
summary Enterprise: gears fail to properly isolate network traffic
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3674
reference_id
reference_type
scores
0
value 0.004
scoring_system epss
scoring_elements 0.61032
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3674
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148170
reference_id 1148170
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1148170
3
reference_url https://access.redhat.com/errata/RHSA-2014:1796
reference_id RHSA-2014:1796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1796
4
reference_url https://access.redhat.com/errata/RHSA-2014:1906
reference_id RHSA-2014:1906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1906
fixed_packages
aliases CVE-2014-3674
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww5y-dfs2-ubef
20
url VCID-xazs-qswk-97hg
vulnerability_id VCID-xazs-qswk-97hg
summary 
Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2066
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33578
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2066
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2066
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2066
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067827
reference_id 1067827
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067827
fixed_packages
aliases CVE-2014-2066, GHSA-8jfx-h6q2-v4g3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xazs-qswk-97hg
21
url VCID-z5nz-eya3-ebez
vulnerability_id VCID-z5nz-eya3-ebez
summary 
Jenkins allows attackers to obtain sensitive information
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2068
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24658
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2068
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2068
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2068
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067835
reference_id 1067835
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067835
fixed_packages
aliases CVE-2014-2068, GHSA-pv88-j6rg-r56p
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5nz-eya3-ebez
22
url VCID-zwgz-acg7-sbh3
vulnerability_id VCID-zwgz-acg7-sbh3
summary 
Jenkins does not invalidate the API token when a user is deleted
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2062
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40227
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2062
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2062
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2062
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
6
reference_url http://www.openwall.com/lists/oss-security/2014/02/21/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1067811
reference_id 1067811
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1067811
fixed_packages
aliases CVE-2014-2062, GHSA-vxc6-wvh8-fpxw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgz-acg7-sbh3
23
url VCID-zyc8-haw1-53dc
vulnerability_id VCID-zyc8-haw1-53dc
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-3665 jenkins: remote code execution from slaves (SECURITY-144)
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:1630
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3665
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57938
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3665
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147767
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1147767
4
reference_url https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control
5
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
6
reference_url https://access.redhat.com/security/cve/CVE-2014-3665
reference_id CVE-2014-3665
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3665
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3665
reference_id CVE-2014-3665
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3665
8
reference_url https://github.com/advisories/GHSA-66cr-6whx-732p
reference_id GHSA-66cr-6whx-732p
reference_type
scores
url https://github.com/advisories/GHSA-66cr-6whx-732p
fixed_packages
aliases CVE-2014-3665, GHSA-66cr-6whx-732p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyc8-haw1-53dc
Fixing_vulnerabilities
Risk_score5.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0%3Farch=el6op