Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
Typeapk
Namespacealpine
Namejenkins
Version2.346.2-r0
Qualifiers
arch riscv64
distroversion v3.21
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.361.2-r0
Latest_non_vulnerable_version2.361.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1h9x-56rp-j7ch
vulnerability_id VCID-1h9x-56rp-j7ch
summary 
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped.

No Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34173
reference_id
reference_type
scores
0
value 0.09062
scoring_system epss
scoring_elements 0.92664
published_at 2026-04-24T12:55:00Z
1
value 0.09062
scoring_system epss
scoring_elements 0.92662
published_at 2026-04-21T12:55:00Z
2
value 0.09062
scoring_system epss
scoring_elements 0.92658
published_at 2026-04-18T12:55:00Z
3
value 0.09062
scoring_system epss
scoring_elements 0.92659
published_at 2026-04-16T12:55:00Z
4
value 0.09062
scoring_system epss
scoring_elements 0.92645
published_at 2026-04-13T12:55:00Z
5
value 0.11821
scoring_system epss
scoring_elements 0.937
published_at 2026-04-04T12:55:00Z
6
value 0.11821
scoring_system epss
scoring_elements 0.93689
published_at 2026-04-02T12:55:00Z
7
value 0.11821
scoring_system epss
scoring_elements 0.93703
published_at 2026-04-07T12:55:00Z
8
value 0.11821
scoring_system epss
scoring_elements 0.93712
published_at 2026-04-08T12:55:00Z
9
value 0.11821
scoring_system epss
scoring_elements 0.93714
published_at 2026-04-09T12:55:00Z
10
value 0.11821
scoring_system epss
scoring_elements 0.93719
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34173
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34173
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34173
4
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119652
reference_id 2119652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119652
6
reference_url https://github.com/advisories/GHSA-6g4r-q7qg-6qx6
reference_id GHSA-6g4r-q7qg-6qx6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6g4r-q7qg-6qx6
fixed_packages
0
url pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases CVE-2022-34173, GHSA-6g4r-q7qg-6qx6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h9x-56rp-j7ch
1
url VCID-gua8-x599-fqad
vulnerability_id VCID-gua8-x599-fqad
summary 
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955).

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the feature name in help icon tooltips is now escaped.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34170
reference_id
reference_type
scores
0
value 0.03786
scoring_system epss
scoring_elements 0.881
published_at 2026-04-24T12:55:00Z
1
value 0.03786
scoring_system epss
scoring_elements 0.88082
published_at 2026-04-21T12:55:00Z
2
value 0.03786
scoring_system epss
scoring_elements 0.88085
published_at 2026-04-16T12:55:00Z
3
value 0.03786
scoring_system epss
scoring_elements 0.88072
published_at 2026-04-13T12:55:00Z
4
value 0.05054
scoring_system epss
scoring_elements 0.89738
published_at 2026-04-02T12:55:00Z
5
value 0.05054
scoring_system epss
scoring_elements 0.89752
published_at 2026-04-04T12:55:00Z
6
value 0.05054
scoring_system epss
scoring_elements 0.89754
published_at 2026-04-07T12:55:00Z
7
value 0.05054
scoring_system epss
scoring_elements 0.89771
published_at 2026-04-08T12:55:00Z
8
value 0.05054
scoring_system epss
scoring_elements 0.89778
published_at 2026-04-09T12:55:00Z
9
value 0.05054
scoring_system epss
scoring_elements 0.89784
published_at 2026-04-11T12:55:00Z
10
value 0.05054
scoring_system epss
scoring_elements 0.89782
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34170
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34170
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34170
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119648
reference_id 2119648
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119648
7
reference_url https://github.com/advisories/GHSA-62wf-24c4-8r76
reference_id GHSA-62wf-24c4-8r76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62wf-24c4-8r76
fixed_packages
0
url pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases CVE-2022-34170, GHSA-62wf-24c4-8r76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gua8-x599-fqad
2
url VCID-j861-35t6-8qep
vulnerability_id VCID-j861-35t6-8qep
summary 
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.321 and LTS 2.332.1, the HTML output generated for new symbol-based SVG icons includes the `title` attribute of `l:ionicon` until Jenkins 2.334 and `alt` attribute of `l:icon` since Jenkins 2.335 without further escaping.

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the `title` attribute of `l:ionicon` (Jenkins LTS 2.332.4) and `alt` attribute of `l:icon` (Jenkins 2.356 and LTS 2.346.1) are escaped in the generated HTML output.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34171.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34171
reference_id
reference_type
scores
0
value 0.03237
scoring_system epss
scoring_elements 0.87115
published_at 2026-04-24T12:55:00Z
1
value 0.03237
scoring_system epss
scoring_elements 0.871
published_at 2026-04-18T12:55:00Z
2
value 0.03237
scoring_system epss
scoring_elements 0.87096
published_at 2026-04-21T12:55:00Z
3
value 0.03237
scoring_system epss
scoring_elements 0.8708
published_at 2026-04-13T12:55:00Z
4
value 0.04332
scoring_system epss
scoring_elements 0.88891
published_at 2026-04-04T12:55:00Z
5
value 0.04332
scoring_system epss
scoring_elements 0.88875
published_at 2026-04-02T12:55:00Z
6
value 0.04332
scoring_system epss
scoring_elements 0.88893
published_at 2026-04-07T12:55:00Z
7
value 0.04332
scoring_system epss
scoring_elements 0.88911
published_at 2026-04-08T12:55:00Z
8
value 0.04332
scoring_system epss
scoring_elements 0.88917
published_at 2026-04-09T12:55:00Z
9
value 0.04332
scoring_system epss
scoring_elements 0.88928
published_at 2026-04-11T12:55:00Z
10
value 0.04332
scoring_system epss
scoring_elements 0.88923
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34171
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34171
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34171
4
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119649
reference_id 2119649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119649
6
reference_url https://github.com/advisories/GHSA-7f84-p6r5-jr6q
reference_id GHSA-7f84-p6r5-jr6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f84-p6r5-jr6q
fixed_packages
0
url pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases CVE-2022-34171, GHSA-7f84-p6r5-jr6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j861-35t6-8qep
3
url VCID-uwfz-czcp-qyd9
vulnerability_id VCID-uwfz-czcp-qyd9
summary 
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters.

This vulnerability is known to be exploitable by attackers with Job/Configure permission.

Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34172
reference_id
reference_type
scores
0
value 0.04819
scoring_system epss
scoring_elements 0.89533
published_at 2026-04-24T12:55:00Z
1
value 0.04819
scoring_system epss
scoring_elements 0.89518
published_at 2026-04-21T12:55:00Z
2
value 0.04819
scoring_system epss
scoring_elements 0.89521
published_at 2026-04-18T12:55:00Z
3
value 0.04819
scoring_system epss
scoring_elements 0.8952
published_at 2026-04-16T12:55:00Z
4
value 0.04819
scoring_system epss
scoring_elements 0.89506
published_at 2026-04-13T12:55:00Z
5
value 0.06403
scoring_system epss
scoring_elements 0.90998
published_at 2026-04-04T12:55:00Z
6
value 0.06403
scoring_system epss
scoring_elements 0.90989
published_at 2026-04-02T12:55:00Z
7
value 0.06403
scoring_system epss
scoring_elements 0.91008
published_at 2026-04-07T12:55:00Z
8
value 0.06403
scoring_system epss
scoring_elements 0.91021
published_at 2026-04-08T12:55:00Z
9
value 0.06403
scoring_system epss
scoring_elements 0.91026
published_at 2026-04-09T12:55:00Z
10
value 0.06403
scoring_system epss
scoring_elements 0.91035
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34172
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34172
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34172
4
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119650
reference_id 2119650
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119650
6
reference_url https://github.com/advisories/GHSA-mhp7-3393-pfqr
reference_id GHSA-mhp7-3393-pfqr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhp7-3393-pfqr
fixed_packages
0
url pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases CVE-2022-34172, GHSA-mhp7-3393-pfqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwfz-czcp-qyd9
4
url VCID-vgg4-g95a-gkey
vulnerability_id VCID-vgg4-g95a-gkey
summary 
Observable timing discrepancy allows determining username validity in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.

Login attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.75152
published_at 2026-04-24T12:55:00Z
1
value 0.00863
scoring_system epss
scoring_elements 0.75113
published_at 2026-04-21T12:55:00Z
2
value 0.00863
scoring_system epss
scoring_elements 0.75123
published_at 2026-04-18T12:55:00Z
3
value 0.00863
scoring_system epss
scoring_elements 0.75116
published_at 2026-04-16T12:55:00Z
4
value 0.00863
scoring_system epss
scoring_elements 0.75078
published_at 2026-04-13T12:55:00Z
5
value 0.01169
scoring_system epss
scoring_elements 0.78641
published_at 2026-04-04T12:55:00Z
6
value 0.01169
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-02T12:55:00Z
7
value 0.01169
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-07T12:55:00Z
8
value 0.01169
scoring_system epss
scoring_elements 0.78647
published_at 2026-04-08T12:55:00Z
9
value 0.01169
scoring_system epss
scoring_elements 0.78654
published_at 2026-04-09T12:55:00Z
10
value 0.01169
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-11T12:55:00Z
11
value 0.01169
scoring_system epss
scoring_elements 0.7866
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
reference_id 2119653
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
7
reference_url https://github.com/advisories/GHSA-9grj-j43m-mjqr
reference_id GHSA-9grj-j43m-mjqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9grj-j43m-mjqr
8
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
9
reference_url https://access.redhat.com/errata/RHSA-2023:0697
reference_id RHSA-2023:0697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0697
10
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
fixed_packages
0
url pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jenkins@2.346.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases CVE-2022-34174, GHSA-9grj-j43m-mjqr
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgg4-g95a-gkey
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community