Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/43037?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/43037?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "2.462.3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.471", "latest_non_vulnerable_version": "2.555", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12557?format=api", "vulnerability_id": "VCID-jarz-xtnw-ufbz", "summary": "Jenkins exposes multi-line secrets through error messages\nJenkins \n\nJenkins provides the `secretTextarea` form field for multi-line secrets.\n\nJenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.\n\nThis can result in exposure of multi-line secrets through those error messages, e.g., in the system log.\n\nJenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70364", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70268", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70293", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70321", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70312", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70222", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47803" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47803", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47803" }, { "reference_url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T16:31:49Z/" } ], "url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316137", "reference_id": "2316137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316137" }, { "reference_url": "https://github.com/advisories/GHSA-pj95-ph4q-4qm4", "reference_id": "GHSA-pj95-ph4q-4qm4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj95-ph4q-4qm4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8884", "reference_id": "RHSA-2024:8884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8885", "reference_id": "RHSA-2024:8885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8886", "reference_id": "RHSA-2024:8886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8887", "reference_id": "RHSA-2024:8887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43037?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/43045?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.479", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.479" } ], "aliases": [ "CVE-2024-47803", "GHSA-pj95-ph4q-4qm4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jarz-xtnw-ufbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11960?format=api", "vulnerability_id": "VCID-vpxs-mxz3-xqch", "summary": "Jenkins item creation restriction bypass vulnerability\nJenkins provides APIs for fine-grained control of item creation:\n\n- Authorization strategies can prohibit the creation of items of a given type in a given item group (`ACL#hasCreatePermission2`).\n\n- Item types can prohibit creation of new instances in a given item group (`TopLevelItemDescriptor#isApplicableIn(ItemGroup)`).\n\nIf an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk.\n\nThis allows attackers with Item/Create permission to bypass these restrictions, creating a temporary item. With Item/Configure permission, they can also save the item to persist it.\n\nIf an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.479, LTS 2.462.3 does not retain the item in memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63619", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63538", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.6359", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63606", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63609", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63573", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47804" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47804", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47804" }, { "reference_url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3448", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T16:31:07Z/" } ], "url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3448" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316131", "reference_id": "2316131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316131" }, { "reference_url": "https://github.com/advisories/GHSA-f9qj-77q2-h5c5", "reference_id": "GHSA-f9qj-77q2-h5c5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9qj-77q2-h5c5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8884", "reference_id": "RHSA-2024:8884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8885", "reference_id": "RHSA-2024:8885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8886", "reference_id": "RHSA-2024:8886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8887", "reference_id": "RHSA-2024:8887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43037?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/43045?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.479", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.479" } ], "aliases": [ "CVE-2024-47804", "GHSA-f9qj-77q2-h5c5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpxs-mxz3-xqch" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.462.3" }