Package Instance

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418724
reference_id	1418724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

reference_id

CVE-2017-2608

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-fwqr-3pvp-pjwq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.45
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.45
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.45

aliases CVE-2017-2608, GHSA-fwqr-3pvp-pjwq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb3y-k94s-eyb4

Fixing_vulnerabilities

url VCID-1gnc-b5tg-3fhe

vulnerability_id VCID-1gnc-b5tg-3fhe

summary

Inadequate Encryption Strength
Jenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2598

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18412
published_at	2026-04-26T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18429
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18532
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18512
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18503
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18522
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18654
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1875
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18804
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18601
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1856
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18611
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18659
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2598

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2598

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95948
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95948

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418696
reference_id	1418696
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418696

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

reference_id

CVE-2017-2598

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2598

reference_url

https://github.com/advisories/GHSA-r9q2-3r6x-qmgp

reference_id

GHSA-r9q2-3r6x-qmgp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r9q2-3r6x-qmgp

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2598, GHSA-r9q2-3r6x-qmgp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gnc-b5tg-3fhe

url VCID-2zwg-a71p-r7hs

vulnerability_id VCID-2zwg-a71p-r7hs

summary

Improper Privilege Management
Jenkins is vulnerable to an insufficient permission check for periodic processes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2611.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2611.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2611

reference_id

reference_type

scores

value	0.00293
scoring_system	epss
scoring_elements	0.52613
published_at	2026-04-26T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52602
published_at	2026-04-24T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52653
published_at	2026-04-11T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52564
published_at	2026-04-02T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.5259
published_at	2026-04-04T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52557
published_at	2026-04-07T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52608
published_at	2026-04-08T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52603
published_at	2026-04-09T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52636
published_at	2026-04-12T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52651
published_at	2026-04-21T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52667
published_at	2026-04-18T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52518
published_at	2026-04-01T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.5266
published_at	2026-04-16T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52622
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2611

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611

reference_url

https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95956

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95956

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418729
reference_id	1418729
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418729

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0::::enterprise:::
reference_id	cpe:2.3:a:redhat:openshift:2.0::::enterprise:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0::::enterprise:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0::::enterprise:::
reference_id	cpe:2.3:a:redhat:openshift:3.0::::enterprise:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0::::enterprise:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2611

reference_id

CVE-2017-2611

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2611

reference_url

https://github.com/advisories/GHSA-3297-944x-j7x7

reference_id

GHSA-3297-944x-j7x7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3297-944x-j7x7

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2611, GHSA-3297-944x-j7x7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zwg-a71p-r7hs

url VCID-6cw8-67c2-1ugk

vulnerability_id VCID-6cw8-67c2-1ugk

summary

Information Exposure
Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2606

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.2369
published_at	2026-04-26T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23701
published_at	2026-04-24T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23819
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23839
published_at	2026-04-18T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.2385
published_at	2026-04-16T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23838
published_at	2026-04-13T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23807
published_at	2026-04-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.2392
published_at	2026-04-09T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23874
published_at	2026-04-08T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23983
published_at	2026-04-02T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.24023
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23893
published_at	2026-04-12T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23937
published_at	2026-04-11T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23864
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2606

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95962

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95962

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418717
reference_id	1418717
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418717

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2606

reference_id

CVE-2017-2606

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2606

reference_url

https://github.com/advisories/GHSA-6967-9vvv-4cmm

reference_id

GHSA-6967-9vvv-4cmm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6967-9vvv-4cmm

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2606, GHSA-6967-9vvv-4cmm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cw8-67c2-1ugk

url VCID-8u35-jee9-5qes

vulnerability_id VCID-8u35-jee9-5qes

summary

Information Exposure
In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2600

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10086
published_at	2026-04-26T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10106
published_at	2026-04-24T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10131
published_at	2026-04-21T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10002
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10025
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10152
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10171
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10077
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10137
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10035
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10111
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09952
published_at	2026-04-01T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10172
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10211
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2600

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2600

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95954
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95954

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418703
reference_id	1418703
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418703

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

reference_id

CVE-2017-2600

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2600

reference_url

https://github.com/advisories/GHSA-wj5c-j656-h5fw

reference_id

GHSA-wj5c-j656-h5fw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wj5c-j656-h5fw

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2600, GHSA-wj5c-j656-h5fw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8u35-jee9-5qes

url VCID-fndu-scdw-jueh

vulnerability_id VCID-fndu-scdw-jueh

summary

Improper Authentication
In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2604

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.24882
published_at	2026-04-26T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24893
published_at	2026-04-24T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.2495
published_at	2026-04-21T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24978
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24986
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25009
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25128
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25168
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24941
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25054
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24974
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25051
published_at	2026-04-01T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25028
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25068
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2604

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2604

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95959
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95959

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418714
reference_id	1418714
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418714

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url

reference_id

CVE-2017-2604

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2604

reference_url

https://github.com/advisories/GHSA-m93h-5qmx-pphg

reference_id

GHSA-m93h-5qmx-pphg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m93h-5qmx-pphg

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2604, GHSA-m93h-5qmx-pphg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fndu-scdw-jueh

url VCID-h23h-s8t3-byhr

vulnerability_id VCID-h23h-s8t3-byhr

summary

Cross-site Scripting
Jenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2610.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2610.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2610

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.19026
published_at	2026-04-26T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19037
published_at	2026-04-24T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19268
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19361
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19412
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19129
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19209
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19262
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19221
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19144
published_at	2026-04-21T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19136
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19227
published_at	2026-04-01T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19127
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19167
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2610

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610

reference_url

https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95951

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95951

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418727
reference_id	1418727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418727

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2610

reference_id

CVE-2017-2610

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2610

reference_url

https://github.com/advisories/GHSA-jff5-55xj-4jcq

reference_id

GHSA-jff5-55xj-4jcq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jff5-55xj-4jcq

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2610, GHSA-jff5-55xj-4jcq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h23h-s8t3-byhr

url VCID-hgy1-h6aj-dbbu

vulnerability_id VCID-hgy1-h6aj-dbbu

summary

Information Exposure
Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The `autocomplete` feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2609.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2609.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2609

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24383
published_at	2026-04-26T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24398
published_at	2026-04-24T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24457
published_at	2026-04-21T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24482
published_at	2026-04-18T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24445
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24573
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24635
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24672
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24513
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24487
published_at	2026-04-16T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24473
published_at	2026-04-13T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24557
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2453
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2609

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319

reference_url

http://www.securityfocus.com/bid/95964

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95964

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418726
reference_id	1418726
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418726

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2609

reference_id

CVE-2017-2609

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2609

reference_url

https://github.com/advisories/GHSA-v222-w2mw-xjc6

reference_id

GHSA-v222-w2mw-xjc6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v222-w2mw-xjc6

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2609, GHSA-v222-w2mw-xjc6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgy1-h6aj-dbbu

url VCID-kbj2-ymsz-5qe8

vulnerability_id VCID-kbj2-ymsz-5qe8

summary

Information Exposure
Jenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2603

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06426
published_at	2026-04-26T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06402
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06388
published_at	2026-04-21T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06239
published_at	2026-04-18T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06209
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06292
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06196
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06228
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06251
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06227
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06268
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06162
published_at	2026-04-01T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06279
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06283
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2603

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2603

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95955
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95955

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418713
reference_id	1418713
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418713

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url

reference_id

CVE-2017-2603

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:N/A:N

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2603

reference_url

https://github.com/advisories/GHSA-x55p-6526-xmmp

reference_id

GHSA-x55p-6526-xmmp

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x55p-6526-xmmp

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2603, GHSA-x55p-6526-xmmp

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbj2-ymsz-5qe8

url VCID-kzfk-8p92-3bgs

vulnerability_id VCID-kzfk-8p92-3bgs

summary

Cross-site Scripting
Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2607

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14614
published_at	2026-04-26T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14616
published_at	2026-04-24T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14715
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14801
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14607
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14696
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14755
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14586
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1452
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14676
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14513
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14622
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14677
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14727
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2607

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95963

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95963

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418719
reference_id	1418719
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418719

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2607

reference_id

CVE-2017-2607

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2607

reference_url

https://github.com/advisories/GHSA-42m6-7xff-9v9m

reference_id

GHSA-42m6-7xff-9v9m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-42m6-7xff-9v9m

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2607, GHSA-42m6-7xff-9v9m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzfk-8p92-3bgs

url VCID-q58h-d9w2-8yez

vulnerability_id VCID-q58h-d9w2-8yez

summary

Information Exposure
Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2602

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37247
published_at	2026-04-26T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37268
published_at	2026-04-24T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37488
published_at	2026-04-21T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37553
published_at	2026-04-18T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37572
published_at	2026-04-16T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37525
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37558
published_at	2026-04-08T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37571
published_at	2026-04-09T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37606
published_at	2026-04-02T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37629
published_at	2026-04-04T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37507
published_at	2026-04-07T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-01T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37551
published_at	2026-04-12T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37585
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2602

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2602

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95952
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95952

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418711
reference_id	1418711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418711

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

reference_id

CVE-2017-2602

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2602

reference_url

https://github.com/advisories/GHSA-ffgg-vphh-v273

reference_id

GHSA-ffgg-vphh-v273

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ffgg-vphh-v273

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2602, GHSA-ffgg-vphh-v273

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q58h-d9w2-8yez

url VCID-rhrm-caa2-9kae

vulnerability_id VCID-rhrm-caa2-9kae

summary

Improper Privilege Management
Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2599

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37106
published_at	2026-04-26T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37542
published_at	2026-04-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3737
published_at	2026-04-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37421
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37433
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37446
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37411
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37384
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3743
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37412
published_at	2026-04-18T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37357
published_at	2026-04-21T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37138
published_at	2026-04-24T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37354
published_at	2026-04-01T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37518
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2599

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2599

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95949
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95949

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418698
reference_id	1418698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418698

reference_url

reference_id

CVE-2017-2599

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2599

reference_url

https://github.com/advisories/GHSA-7r4h-2h23-6jq9

reference_id

GHSA-7r4h-2h23-6jq9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7r4h-2h23-6jq9

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2599, GHSA-7r4h-2h23-6jq9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhrm-caa2-9kae

url VCID-sanw-xj8r-1kbb

vulnerability_id VCID-sanw-xj8r-1kbb

summary

Information Exposure
The re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000362

reference_id

reference_type

scores

value	0.01234
scoring_system	epss
scoring_elements	0.79259
published_at	2026-04-26T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79145
published_at	2026-04-01T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79151
published_at	2026-04-02T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79176
published_at	2026-04-04T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79162
published_at	2026-04-07T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79187
published_at	2026-04-08T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79195
published_at	2026-04-13T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79219
published_at	2026-04-21T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79204
published_at	2026-04-12T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79221
published_at	2026-04-16T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79218
published_at	2026-04-18T12:55:00Z

value	0.01234
scoring_system	epss
scoring_elements	0.79253
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000362

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85

reference_url

https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000362

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418716
reference_id	1418716
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418716

reference_url

reference_id

CVE-2017-1000362

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000362

reference_url

https://github.com/advisories/GHSA-92mr-4w2q-4578

reference_id

GHSA-92mr-4w2q-4578

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92mr-4w2q-4578

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.625
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.625
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-1000362, GHSA-92mr-4w2q-4578

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sanw-xj8r-1kbb

url VCID-v2ky-wpb2-6qhk

vulnerability_id VCID-v2ky-wpb2-6qhk

summary

Cross-site Scripting
Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2601

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55762
published_at	2026-04-26T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55745
published_at	2026-04-24T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55843
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55801
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55819
published_at	2026-04-21T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55839
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5583
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55662
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55774
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55827
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55796
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55776
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2601

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/5

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/5

reference_url

http://www.openwall.com/lists/oss-security/2022/05/17/8

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/17/8

reference_url

http://www.openwall.com/lists/oss-security/2022/06/22/3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/22/3

reference_url

http://www.openwall.com/lists/oss-security/2022/06/30/3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/30/3

reference_url

http://www.openwall.com/lists/oss-security/2022/10/19/3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/10/19/3

reference_url

http://www.securityfocus.com/bid/95960

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95960

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418707
reference_id	1418707
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2601

reference_id

CVE-2017-2601

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2601

reference_url

https://github.com/advisories/GHSA-r69c-5j7c-vm6q

reference_id

GHSA-r69c-5j7c-vm6q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r69c-5j7c-vm6q

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2601, GHSA-r69c-5j7c-vm6q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ky-wpb2-6qhk

url VCID-wb3y-k94s-eyb4

vulnerability_id VCID-wb3y-k94s-eyb4

summary

Deserialization of Untrusted Data
Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2608

reference_id

reference_type

scores

value	0.02976
scoring_system	epss
scoring_elements	0.86555
published_at	2026-04-26T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.8645
published_at	2026-04-01T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.8646
published_at	2026-04-02T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86478
published_at	2026-04-07T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86497
published_at	2026-04-08T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86507
published_at	2026-04-09T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86522
published_at	2026-04-11T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86519
published_at	2026-04-12T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86514
published_at	2026-04-13T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86529
published_at	2026-04-16T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86535
published_at	2026-04-18T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86527
published_at	2026-04-21T12:55:00Z

value	0.02976
scoring_system	epss
scoring_elements	0.86546
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2608

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418724
reference_id	1418724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

reference_id

CVE-2017-2608

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

GHSA-fwqr-3pvp-pjwq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2612.json

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.45
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.45
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.45

aliases CVE-2017-2608, GHSA-fwqr-3pvp-pjwq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb3y-k94s-eyb4

url VCID-yw8v-fqar-z7b5

vulnerability_id VCID-yw8v-fqar-z7b5

summary

Incorrect Permission Assignment for Critical Resource
In Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK.

references

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2612.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2612

reference_id

reference_type

scores

value	0.00119
scoring_system	epss
scoring_elements	0.30557
published_at	2026-04-26T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30674
published_at	2026-04-24T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30837
published_at	2026-04-21T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30871
published_at	2026-04-18T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30891
published_at	2026-04-16T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30913
published_at	2026-04-08T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30989
published_at	2026-04-02T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.31037
published_at	2026-04-04T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30855
published_at	2026-04-07T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30943
published_at	2026-04-09T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.3086
published_at	2026-04-13T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30863
published_at	2026-04-01T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30904
published_at	2026-04-12T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30947
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2612

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2612

reference_url	https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-02-01/

reference_url	http://www.securityfocus.com/bid/95957
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95957

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418730
reference_id	1418730
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418730

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url

reference_id

CVE-2017-2612

reference_type

scores

value	5.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:P

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2612

reference_url

https://github.com/advisories/GHSA-wf9g-rh76-6jvr

reference_id

GHSA-wf9g-rh76-6jvr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wf9g-rh76-6jvr

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gnc-b5tg-3fhe

vulnerability	VCID-2zwg-a71p-r7hs

vulnerability	VCID-6cw8-67c2-1ugk

vulnerability	VCID-8u35-jee9-5qes

vulnerability	VCID-fndu-scdw-jueh

vulnerability	VCID-h23h-s8t3-byhr

vulnerability	VCID-hgy1-h6aj-dbbu

vulnerability	VCID-kbj2-ymsz-5qe8

vulnerability	VCID-kzfk-8p92-3bgs

vulnerability	VCID-q58h-d9w2-8yez

vulnerability	VCID-rhrm-caa2-9kae

vulnerability	VCID-v2ky-wpb2-6qhk

vulnerability	VCID-wb3y-k94s-eyb4

vulnerability	VCID-yw8v-fqar-z7b5

vulnerability	VCID-zb9r-zjt8-wqae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wb3y-k94s-eyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44

aliases CVE-2017-2612, GHSA-wf9g-rh76-6jvr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yw8v-fqar-z7b5

url VCID-zb9r-zjt8-wqae

vulnerability_id VCID-zb9r-zjt8-wqae

summary

Cross-Site Request Forgery (CSRF)
Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2613.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2613.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2613

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.186
published_at	2026-04-26T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18995
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18718
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18798
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1885
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18855
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18808
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18756
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18706
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18719
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18736
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18622
published_at	2026-04-24T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18803
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18942
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2613

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613

reference_url

https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url