Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/openshift-ansible@3.11.82-3.git.0.9718d0a?arch=el7
Typerpm
Namespaceredhat
Nameopenshift-ansible
Version3.11.82-3.git.0.9718d0a
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2kn9-m47e-13dj
vulnerability_id VCID-2kn9-m47e-13dj
summary
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003010
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.71442
published_at 2026-06-14T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.71431
published_at 2026-06-12T12:55:00Z
2
value 0.00651
scoring_system epss
scoring_elements 0.71443
published_at 2026-06-13T12:55:00Z
3
value 0.00651
scoring_system epss
scoring_elements 0.71343
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003010
3
reference_url https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767
4
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003010
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003010
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670292
reference_id 1670292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670292
7
reference_url https://github.com/advisories/GHSA-r8rw-xx57-m64q
reference_id GHSA-r8rw-xx57-m64q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8rw-xx57-m64q
fixed_packages
aliases CVE-2019-1003010, GHSA-r8rw-xx57-m64q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kn9-m47e-13dj
1
url VCID-4f8b-96g7-93bg
vulnerability_id VCID-4f8b-96g7-93bg
summary Improper Authorization in Jenkins Core
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003003
reference_id
reference_type
scores
0
value 0.01946
scoring_system epss
scoring_elements 0.83896
published_at 2026-06-14T12:55:00Z
1
value 0.01946
scoring_system epss
scoring_elements 0.83834
published_at 2026-06-11T12:55:00Z
2
value 0.01946
scoring_system epss
scoring_elements 0.83891
published_at 2026-06-12T12:55:00Z
3
value 0.01946
scoring_system epss
scoring_elements 0.839
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003003
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454
4
reference_url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
5
reference_url https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680
6
reference_url http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106680
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668345
reference_id 1668345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668345
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003003
reference_id CVE-2019-1003003
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003003
9
reference_url https://github.com/advisories/GHSA-6rh5-23hx-j452
reference_id GHSA-6rh5-23hx-j452
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rh5-23hx-j452
fixed_packages
aliases CVE-2019-1003003, GHSA-6rh5-23hx-j452
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f8b-96g7-93bg
2
url VCID-5ca7-8vn5-yuh8
vulnerability_id VCID-5ca7-8vn5-yuh8
summary Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003011
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68686
published_at 2026-06-12T12:55:00Z
1
value 0.00556
scoring_system epss
scoring_elements 0.68694
published_at 2026-06-14T12:55:00Z
2
value 0.00556
scoring_system epss
scoring_elements 0.68596
published_at 2026-06-11T12:55:00Z
3
value 0.00556
scoring_system epss
scoring_elements 0.68699
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003011
3
reference_url https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a
4
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670296
reference_id 1670296
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670296
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003011
reference_id CVE-2019-1003011
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003011
7
reference_url https://github.com/advisories/GHSA-23h9-m55m-c5jp
reference_id GHSA-23h9-m55m-c5jp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23h9-m55m-c5jp
fixed_packages
aliases CVE-2019-1003011, GHSA-23h9-m55m-c5jp
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ca7-8vn5-yuh8
3
url VCID-7v7d-5x7d-1bdw
vulnerability_id VCID-7v7d-5x7d-1bdw
summary Protection Mechanism Failure in Jenkins Script Security Plugin
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003000
reference_id
reference_type
scores
0
value 0.94443
scoring_system epss
scoring_elements 0.99992
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003000
4
reference_url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
5
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
6
reference_url https://www.exploit-db.com/exploits/46453
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46453
7
reference_url https://www.exploit-db.com/exploits/46453/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46453/
8
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
9
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
10
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1667566
reference_id 1667566
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1667566
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003000
reference_id CVE-2019-1003000
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003000
13
reference_url https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt
16
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb
reference_id CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb
17
reference_url https://github.com/advisories/GHSA-784j-h234-m56x
reference_id GHSA-784j-h234-m56x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-784j-h234-m56x
fixed_packages
aliases CVE-2019-1003000, GHSA-784j-h234-m56x
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7d-5x7d-1bdw
4
url VCID-9v7x-k4gk-qbae
vulnerability_id VCID-9v7x-k4gk-qbae
summary Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003002
reference_id
reference_type
scores
0
value 0.93454
scoring_system epss
scoring_elements 0.99831
published_at 2026-06-14T12:55:00Z
1
value 0.93454
scoring_system epss
scoring_elements 0.9983
published_at 2026-06-13T12:55:00Z
2
value 0.93454
scoring_system epss
scoring_elements 0.99829
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003002
4
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92
5
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
6
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
7
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
8
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1669508
reference_id 1669508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1669508
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003002
reference_id CVE-2019-1003002
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003002
11
reference_url https://github.com/advisories/GHSA-x6jx-cxg3-mggh
reference_id GHSA-x6jx-cxg3-mggh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x6jx-cxg3-mggh
fixed_packages
aliases CVE-2019-1003002, GHSA-x6jx-cxg3-mggh
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v7x-k4gk-qbae
5
url VCID-d6tp-nums-a7ap
vulnerability_id VCID-d6tp-nums-a7ap
summary A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json
1
reference_url https://advisory.checkmarx.net/advisory/CX-2019-4297
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://advisory.checkmarx.net/advisory/CX-2019-4297
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3826
reference_id
reference_type
scores
0
value 0.01793
scoring_system epss
scoring_elements 0.83231
published_at 2026-06-14T12:55:00Z
1
value 0.01793
scoring_system epss
scoring_elements 0.83227
published_at 2026-06-12T12:55:00Z
2
value 0.01793
scoring_system epss
scoring_elements 0.83235
published_at 2026-06-13T12:55:00Z
3
value 0.01793
scoring_system epss
scoring_elements 0.83166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3826
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
5
reference_url https://github.com/aquasecurity/trivy/issues/2992
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aquasecurity/trivy/issues/2992
6
reference_url https://github.com/prometheus/prometheus/commit/62e591f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/commit/62e591f9
7
reference_url https://github.com/prometheus/prometheus/pull/5163
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/pull/5163
8
reference_url https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280
9
reference_url https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608
10
reference_url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3826
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3826
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1672865
reference_id 1672865
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1672865
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615
reference_id 921615
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615
fixed_packages
aliases CVE-2019-3826, GHSA-3m87-5598-2v4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-nums-a7ap
6
url VCID-ekqz-ujr1-bfbg
vulnerability_id VCID-ekqz-ujr1-bfbg
summary Jenkins Groovy Plugin sandbox bypass vulnerability
references
0
reference_url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003001.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003001.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003001
reference_id
reference_type
scores
0
value 0.93935
scoring_system epss
scoring_elements 0.99889
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003001
4
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642
5
reference_url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c
6
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742
7
reference_url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
8
reference_url https://www.exploit-db.com/exploits/46572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46572
9
reference_url https://www.exploit-db.com/exploits/46572/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46572/
10
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1669505
reference_id 1669505
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1669505
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003001
reference_id CVE-2019-1003001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003001
13
reference_url https://github.com/advisories/GHSA-6q78-6xvr-26fg
reference_id GHSA-6q78-6xvr-26fg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q78-6xvr-26fg
fixed_packages
aliases CVE-2019-1003001, GHSA-6q78-6xvr-26fg
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekqz-ujr1-bfbg
7
url VCID-fkjw-xrxq-e7hj
vulnerability_id VCID-fkjw-xrxq-e7hj
summary Cross-Site Request Forgery in Jenkins Blue Ocean Plugin
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003012
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.36098
published_at 2026-06-12T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.36109
published_at 2026-06-14T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.35918
published_at 2026-06-11T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.3612
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003012
3
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce
4
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670298
reference_id 1670298
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670298
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003012
reference_id CVE-2019-1003012
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003012
7
reference_url https://github.com/advisories/GHSA-qxh5-5r5p-5gvf
reference_id GHSA-qxh5-5r5p-5gvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxh5-5r5p-5gvf
fixed_packages
aliases CVE-2019-1003012, GHSA-qxh5-5r5p-5gvf
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkjw-xrxq-e7hj
8
url VCID-k583-3rz1-kkav
vulnerability_id VCID-k583-3rz1-kkav
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20615
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34425
published_at 2026-06-11T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34602
published_at 2026-06-12T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34625
published_at 2026-06-13T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34605
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20615
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663060
reference_id 1663060
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663060
5
reference_url https://access.redhat.com/errata/RHSA-2019:0275
reference_id RHSA-2019:0275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0275
6
reference_url https://access.redhat.com/errata/RHSA-2019:0547
reference_id RHSA-2019:0547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0547
7
reference_url https://access.redhat.com/errata/RHSA-2019:0548
reference_id RHSA-2019:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0548
8
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20615
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k583-3rz1-kkav
9
url VCID-mxps-hrrh-9ybt
vulnerability_id VCID-mxps-hrrh-9ybt
summary Cross-site Scripting in Jenkins Blue Ocean Plugin
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003013
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19394
published_at 2026-06-12T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.1939
published_at 2026-06-14T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19225
published_at 2026-06-11T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19414
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003013
3
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57
4
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670299
reference_id 1670299
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670299
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003013
reference_id CVE-2019-1003013
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003013
7
reference_url https://github.com/advisories/GHSA-7fjr-5hph-c2mh
reference_id GHSA-7fjr-5hph-c2mh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fjr-5hph-c2mh
fixed_packages
aliases CVE-2019-1003013, GHSA-7fjr-5hph-c2mh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxps-hrrh-9ybt
10
url VCID-qecg-jkvp-63ax
vulnerability_id VCID-qecg-jkvp-63ax
summary Jenkins Config File Provider Plugin XSS vulnerability
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003014
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.2021
published_at 2026-06-14T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20041
published_at 2026-06-11T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20214
published_at 2026-06-12T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20234
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003014
3
reference_url https://github.com/jenkinsci/config-file-provider-plugin
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin
4
reference_url https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f
5
reference_url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1671324
reference_id 1671324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1671324
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003014
reference_id CVE-2019-1003014
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003014
8
reference_url https://github.com/advisories/GHSA-pmc5-74w3-78mw
reference_id GHSA-pmc5-74w3-78mw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmc5-74w3-78mw
fixed_packages
aliases CVE-2019-1003014, GHSA-pmc5-74w3-78mw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qecg-jkvp-63ax
11
url VCID-uj2g-rhyn-p7f5
vulnerability_id VCID-uj2g-rhyn-p7f5
summary
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000865
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.70482
published_at 2026-06-14T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.70471
published_at 2026-06-12T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.70485
published_at 2026-06-13T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.7038
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000865
3
reference_url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
reference_id
reference_type
scores
url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
4
reference_url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
5
reference_url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000865
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000865
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
reference_id 1647059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
8
reference_url https://github.com/advisories/GHSA-p4p5-3v2j-w5rv
reference_id GHSA-p4p5-3v2j-w5rv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4p5-3v2j-w5rv
fixed_packages
aliases CVE-2018-1000865, GHSA-p4p5-3v2j-w5rv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uj2g-rhyn-p7f5
12
url VCID-v868-js23-9ygp
vulnerability_id VCID-v868-js23-9ygp
summary Improper Authorization in Jenkins Core
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1003004
reference_id
reference_type
scores
0
value 0.02398
scoring_system epss
scoring_elements 0.85435
published_at 2026-06-12T12:55:00Z
1
value 0.02398
scoring_system epss
scoring_elements 0.85383
published_at 2026-06-11T12:55:00Z
2
value 0.02398
scoring_system epss
scoring_elements 0.85437
published_at 2026-06-14T12:55:00Z
3
value 0.02398
scoring_system epss
scoring_elements 0.85444
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1003004
2
reference_url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
3
reference_url http://www.securityfocus.com/bid/106680
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106680
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668736
reference_id 1668736
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668736
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003004
reference_id CVE-2019-1003004
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003004
6
reference_url https://github.com/advisories/GHSA-8qxp-g8jv-p37x
reference_id GHSA-8qxp-g8jv-p37x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qxp-g8jv-p37x
fixed_packages
aliases CVE-2019-1003004, GHSA-8qxp-g8jv-p37x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v868-js23-9ygp
13
url VCID-vrv3-9v1t-pfex
vulnerability_id VCID-vrv3-9v1t-pfex
summary
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0326
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0326
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000866
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.7038
published_at 2026-06-11T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.70471
published_at 2026-06-12T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.70485
published_at 2026-06-13T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.70482
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000866
3
reference_url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
reference_id
reference_type
scores
url https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3
4
reference_url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b
5
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d
6
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38
7
reference_url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000866
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000866
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
reference_id 1647059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1647059
10
reference_url https://github.com/advisories/GHSA-gqhm-4h93-rrhg
reference_id GHSA-gqhm-4h93-rrhg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqhm-4h93-rrhg
fixed_packages
aliases CVE-2018-1000866, GHSA-gqhm-4h93-rrhg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrv3-9v1t-pfex
14
url VCID-x3wd-sn2j-7ufu
vulnerability_id VCID-x3wd-sn2j-7ufu
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20103
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27209
published_at 2026-06-11T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.2741
published_at 2026-06-12T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27431
published_at 2026-06-13T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27413
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20103
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1658876
reference_id 1658876
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1658876
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307
reference_id 916307
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307
6
reference_url https://security.archlinux.org/ASA-201901-15
reference_id ASA-201901-15
reference_type
scores
url https://security.archlinux.org/ASA-201901-15
7
reference_url https://security.archlinux.org/AVG-836
reference_id AVG-836
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-836
8
reference_url https://access.redhat.com/errata/RHSA-2019:1436
reference_id RHSA-2019:1436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1436
9
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20103
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3wd-sn2j-7ufu
15
url VCID-xytd-8vdz-qbg9
vulnerability_id VCID-xytd-8vdz-qbg9
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20102
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09683
published_at 2026-06-11T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09733
published_at 2026-06-12T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09735
published_at 2026-06-13T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09724
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20102
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1658874
reference_id 1658874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1658874
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308
reference_id 916308
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308
6
reference_url https://security.archlinux.org/ASA-201901-15
reference_id ASA-201901-15
reference_type
scores
url https://security.archlinux.org/ASA-201901-15
7
reference_url https://security.archlinux.org/AVG-836
reference_id AVG-836
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-836
8
reference_url https://access.redhat.com/errata/RHSA-2019:0547
reference_id RHSA-2019:0547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0547
9
reference_url https://access.redhat.com/errata/RHSA-2019:1436
reference_id RHSA-2019:1436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1436
10
reference_url https://usn.ubuntu.com/3858-1/
reference_id USN-3858-1
reference_type
scores
url https://usn.ubuntu.com/3858-1/
fixed_packages
aliases CVE-2018-20102
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xytd-8vdz-qbg9
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.82-3.git.0.9718d0a%3Farch=el7