Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
Typemaven
Namespaceorg.jenkins-ci.main
Namejenkins-core
Version2.107.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.107.3
Latest_non_vulnerable_version2.555
Affected_by_vulnerabilities
0
url VCID-8x6t-vhae-kkd8
vulnerability_id VCID-8x6t-vhae-kkd8
summary 
Information Exposure
An information exposure vulnerability exists in Jenkins that allows users with Overall/Read access to enumerate all installed plugins.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000192.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000192.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000192
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.65057
published_at 2026-04-21T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.64942
published_at 2026-04-01T12:55:00Z
2
value 0.00479
scoring_system epss
scoring_elements 0.64992
published_at 2026-04-02T12:55:00Z
3
value 0.00479
scoring_system epss
scoring_elements 0.65019
published_at 2026-04-04T12:55:00Z
4
value 0.00479
scoring_system epss
scoring_elements 0.64982
published_at 2026-04-07T12:55:00Z
5
value 0.00479
scoring_system epss
scoring_elements 0.65032
published_at 2026-04-08T12:55:00Z
6
value 0.00479
scoring_system epss
scoring_elements 0.65046
published_at 2026-04-09T12:55:00Z
7
value 0.00479
scoring_system epss
scoring_elements 0.65064
published_at 2026-04-11T12:55:00Z
8
value 0.00479
scoring_system epss
scoring_elements 0.65053
published_at 2026-04-12T12:55:00Z
9
value 0.00479
scoring_system epss
scoring_elements 0.65026
published_at 2026-04-13T12:55:00Z
10
value 0.00479
scoring_system epss
scoring_elements 0.65063
published_at 2026-04-16T12:55:00Z
11
value 0.00479
scoring_system epss
scoring_elements 0.65073
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000192
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/7c5b41bfd5d8004f82684a9168dd627e20ea5f35
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/7c5b41bfd5d8004f82684a9168dd627e20ea5f35
4
reference_url https://github.com/jenkinsci/jenkins/commit/809916b59b7c7678dc3c1c76338452121fed1424
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/809916b59b7c7678dc3c1c76338452121fed1424
5
reference_url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771
6
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1576706
reference_id 1576706
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1576706
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000192
reference_id CVE-2018-1000192
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000192
12
reference_url https://github.com/advisories/GHSA-2w4x-rxp7-grg7
reference_id GHSA-2w4x-rxp7-grg7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w4x-rxp7-grg7
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
aliases CVE-2018-1000192, GHSA-2w4x-rxp7-grg7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8x6t-vhae-kkd8
1
url VCID-df66-65bh-3fhy
vulnerability_id VCID-df66-65bh-3fhy
summary 
Cross-Site Request Forgery (CSRF)
A server-side request forgery vulnerability exists in Jenkins that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful or not.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000195.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000195
reference_id
reference_type
scores
0
value 0.00695
scoring_system epss
scoring_elements 0.71937
published_at 2026-04-21T12:55:00Z
1
value 0.00695
scoring_system epss
scoring_elements 0.71868
published_at 2026-04-01T12:55:00Z
2
value 0.00695
scoring_system epss
scoring_elements 0.71875
published_at 2026-04-02T12:55:00Z
3
value 0.00695
scoring_system epss
scoring_elements 0.71894
published_at 2026-04-04T12:55:00Z
4
value 0.00695
scoring_system epss
scoring_elements 0.71866
published_at 2026-04-07T12:55:00Z
5
value 0.00695
scoring_system epss
scoring_elements 0.71905
published_at 2026-04-13T12:55:00Z
6
value 0.00695
scoring_system epss
scoring_elements 0.71916
published_at 2026-04-09T12:55:00Z
7
value 0.00695
scoring_system epss
scoring_elements 0.7194
published_at 2026-04-11T12:55:00Z
8
value 0.00695
scoring_system epss
scoring_elements 0.71922
published_at 2026-04-12T12:55:00Z
9
value 0.00695
scoring_system epss
scoring_elements 0.71947
published_at 2026-04-16T12:55:00Z
10
value 0.00695
scoring_system epss
scoring_elements 0.71952
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000195
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/6eea1e97840b5623829b2c1fd2e363c045bdc230
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/6eea1e97840b5623829b2c1fd2e363c045bdc230
4
reference_url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1576712
reference_id 1576712
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1576712
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000195
reference_id CVE-2018-1000195
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000195
11
reference_url https://github.com/advisories/GHSA-rgmj-mccj-h9mx
reference_id GHSA-rgmj-mccj-h9mx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgmj-mccj-h9mx
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
aliases CVE-2018-1000195, GHSA-rgmj-mccj-h9mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df66-65bh-3fhy
2
url VCID-h88g-ywc5-1ycw
vulnerability_id VCID-h88g-ywc5-1ycw
summary 
Injection Vulnerability
An improper neutralization of control sequences vulnerability exists in Jenkins in `HudsonPrivateSecurityRealm.java` that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000193.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000193
reference_id
reference_type
scores
0
value 0.00759
scoring_system epss
scoring_elements 0.73369
published_at 2026-04-18T12:55:00Z
1
value 0.00759
scoring_system epss
scoring_elements 0.73267
published_at 2026-04-01T12:55:00Z
2
value 0.00759
scoring_system epss
scoring_elements 0.73276
published_at 2026-04-02T12:55:00Z
3
value 0.00759
scoring_system epss
scoring_elements 0.733
published_at 2026-04-04T12:55:00Z
4
value 0.00759
scoring_system epss
scoring_elements 0.73272
published_at 2026-04-07T12:55:00Z
5
value 0.00759
scoring_system epss
scoring_elements 0.73308
published_at 2026-04-08T12:55:00Z
6
value 0.00759
scoring_system epss
scoring_elements 0.73321
published_at 2026-04-09T12:55:00Z
7
value 0.00759
scoring_system epss
scoring_elements 0.73345
published_at 2026-04-11T12:55:00Z
8
value 0.00759
scoring_system epss
scoring_elements 0.73326
published_at 2026-04-12T12:55:00Z
9
value 0.00759
scoring_system epss
scoring_elements 0.73318
published_at 2026-04-13T12:55:00Z
10
value 0.00759
scoring_system epss
scoring_elements 0.73362
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000193
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/de7aaab441151fb1760855fec83681c6a8756a45
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/de7aaab441151fb1760855fec83681c6a8756a45
4
reference_url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1576708
reference_id 1576708
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1576708
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000193
reference_id CVE-2018-1000193
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000193
11
reference_url https://github.com/advisories/GHSA-7592-93rm-6gpx
reference_id GHSA-7592-93rm-6gpx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7592-93rm-6gpx
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
aliases CVE-2018-1000193, GHSA-7592-93rm-6gpx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88g-ywc5-1ycw
3
url VCID-pdf9-n6qs-ybcc
vulnerability_id VCID-pdf9-n6qs-ybcc
summary 
Path Traversal
A path traversal vulnerability exists in Jenkins in `FilePath.java`, `SoloFilePathFilter.java` that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000194.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000194.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000194
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64573
published_at 2026-04-21T12:55:00Z
1
value 0.00469
scoring_system epss
scoring_elements 0.64588
published_at 2026-04-18T12:55:00Z
2
value 0.00469
scoring_system epss
scoring_elements 0.64576
published_at 2026-04-16T12:55:00Z
3
value 0.00469
scoring_system epss
scoring_elements 0.64542
published_at 2026-04-13T12:55:00Z
4
value 0.00469
scoring_system epss
scoring_elements 0.64571
published_at 2026-04-12T12:55:00Z
5
value 0.00469
scoring_system epss
scoring_elements 0.64583
published_at 2026-04-11T12:55:00Z
6
value 0.00469
scoring_system epss
scoring_elements 0.64567
published_at 2026-04-09T12:55:00Z
7
value 0.00469
scoring_system epss
scoring_elements 0.64551
published_at 2026-04-08T12:55:00Z
8
value 0.00469
scoring_system epss
scoring_elements 0.64545
published_at 2026-04-04T12:55:00Z
9
value 0.00469
scoring_system epss
scoring_elements 0.64503
published_at 2026-04-07T12:55:00Z
10
value 0.00469
scoring_system epss
scoring_elements 0.64515
published_at 2026-04-02T12:55:00Z
11
value 0.00469
scoring_system epss
scoring_elements 0.64461
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000194
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/5cf0a77d44310523b763698f67d645c1f2427f30
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5cf0a77d44310523b763698f67d645c1f2427f30
4
reference_url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1576711
reference_id 1576711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1576711
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_id cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000194
reference_id CVE-2018-1000194
reference_type
scores
0
value 5.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000194
11
reference_url https://github.com/advisories/GHSA-x646-m7x2-gcp7
reference_id GHSA-x646-m7x2-gcp7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x646-m7x2-gcp7
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.3
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121
aliases CVE-2018-1000194, GHSA-x646-m7x2-gcp7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdf9-n6qs-ybcc
Fixing_vulnerabilities
0
url VCID-5a6u-x9s5-tfg8
vulnerability_id VCID-5a6u-x9s5-tfg8
summary 
Cross-site Scripting
A cross-site scripting vulnerability exists in Jenkins in `confirmationList.jelly` and `stopButton.jelly` that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000170.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000170
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.43994
published_at 2026-04-21T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44039
published_at 2026-04-08T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44041
published_at 2026-04-09T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44056
published_at 2026-04-11T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.44024
published_at 2026-04-12T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44008
published_at 2026-04-13T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44069
published_at 2026-04-16T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.44059
published_at 2026-04-18T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.43986
published_at 2026-04-01T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44034
published_at 2026-04-02T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44057
published_at 2026-04-04T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.43988
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000170
2
reference_url https://github.com/jenkinsci/jenkins/commit/07d18cfd6d336a2b7cc0a78e120d9739a5d4e1d1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/07d18cfd6d336a2b7cc0a78e120d9739a5d4e1d1
3
reference_url https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566950
reference_id 1566950
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566950
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000170
reference_id CVE-2018-1000170
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000170
6
reference_url https://github.com/advisories/GHSA-9jcv-v4jp-w3cq
reference_id GHSA-9jcv-v4jp-w3cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jcv-v4jp-w3cq
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8x6t-vhae-kkd8
1
vulnerability VCID-df66-65bh-3fhy
2
vulnerability VCID-h88g-ywc5-1ycw
3
vulnerability VCID-pdf9-n6qs-ybcc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
aliases CVE-2018-1000170, GHSA-9jcv-v4jp-w3cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6u-x9s5-tfg8
1
url VCID-u9ph-5sbd-mfgp
vulnerability_id VCID-u9ph-5sbd-mfgp
summary 
Information Exposure
Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
references
0
reference_url https://access.redhat.com/errata/RHBA-2018:1816
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2018:1816
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000169.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000169.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000169
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40246
published_at 2026-04-16T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40198
published_at 2026-04-13T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40217
published_at 2026-04-12T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40085
published_at 2026-04-01T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40234
published_at 2026-04-02T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40256
published_at 2026-04-11T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40258
published_at 2026-04-04T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.4018
published_at 2026-04-07T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40244
published_at 2026-04-09T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40233
published_at 2026-04-08T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.4014
published_at 2026-04-21T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40216
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000169
3
reference_url https://github.com/jenkinsci/jenkins/commit/69a784bb8d2c5a021d225eda2d392fb081c1169e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/69a784bb8d2c5a021d225eda2d392fb081c1169e
4
reference_url https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566947
reference_id 1566947
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566947
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000169
reference_id CVE-2018-1000169
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000169
7
reference_url https://github.com/advisories/GHSA-cpw3-x7gf-p872
reference_id GHSA-cpw3-x7gf-p872
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cpw3-x7gf-p872
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8x6t-vhae-kkd8
1
vulnerability VCID-df66-65bh-3fhy
2
vulnerability VCID-h88g-ywc5-1ycw
3
vulnerability VCID-pdf9-n6qs-ybcc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.116
aliases CVE-2018-1000169, GHSA-cpw3-x7gf-p872
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9ph-5sbd-mfgp
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2