Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53919?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53919?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.83", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "2.83", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.84", "latest_non_vulnerable_version": "2.551", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12103?format=api", "vulnerability_id": "VCID-32pa-nzy7-v7ap", "summary": "Improper Input Validation\nThe Jenkins default form control for passwords and other secrets, `<f:password/>`, supports form validation. The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000401" }, { "reference_url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/lib/form/PasswordTest.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/lib/form/PasswordTest.java" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/09d60462b9edf775f08568601bb3e2cfd8075368", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/09d60462b9edf775f08568601bb3e2cfd8075368" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000401", "reference_id": "CVE-2017-1000401", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000401", "GHSA-h8c5-c92g-jq6x" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32pa-nzy7-v7ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12102?format=api", "vulnerability_id": "VCID-d43t-b3f6-4qh6", "summary": "Information Exposure\nThe Jenkins remote API at `/queue/item/(ID)/api` showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51153", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000399" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/hudson/model/QueueTest.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/hudson/model/QueueTest.java" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/3ff432ace14d8f4544c88a179a2f7a962eb98ba6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/3ff432ace14d8f4544c88a179a2f7a962eb98ba6" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000399", "reference_id": "CVE-2017-1000399", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000399" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000399", "GHSA-g78x-xmv8-23xp" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d43t-b3f6-4qh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9704?format=api", "vulnerability_id": "VCID-hkq2-zykf-kugj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01303", "scoring_system": "epss", "scoring_elements": "0.80075", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000393" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/67f68c181033cbabf2075769e0f846f58c226c08", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/67f68c181033cbabf2075769e0f846f58c226c08" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/d7ea3f40efedd50541a57b943d5f7bbed046d091", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/d7ea3f40efedd50541a57b943d5f7bbed046d091" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000393", "reference_id": "CVE-2017-1000393", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000393" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000393", "GHSA-j472-mcq2-95p6" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkq2-zykf-kugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9981?format=api", "vulnerability_id": "VCID-j6v8-fjp5-m7ds", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4049", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000398" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/blob/e27b310065b3c036b5fc9d123f1d1d99d3058c00/test/src/test/java/hudson/model/ExecutorTest.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/blob/e27b310065b3c036b5fc9d123f1d1d99d3058c00/test/src/test/java/hudson/model/ExecutorTest.java" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/da06fd471cea79123821c778228eeb08e1cedcc7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/da06fd471cea79123821c778228eeb08e1cedcc7" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000398", "reference_id": "CVE-2017-1000398", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000398" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000398", "GHSA-h972-cwjv-2v39" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6v8-fjp5-m7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9900?format=api", "vulnerability_id": "VCID-j9fd-bscd-dudw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29312", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000400" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/hudson/model/AbstractProjectTest.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/blob/6d179998e18adfbaa4e443c7e837135bf36c53d7/test/src/test/java/hudson/model/AbstractProjectTest.java" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/b2083a387a5bdb6f7ee7f7c81a1f6312aca2a558", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/b2083a387a5bdb6f7ee7f7c81a1f6312aca2a558" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000400", "reference_id": "CVE-2017-1000400", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000400" }, { "reference_url": "https://github.com/advisories/GHSA-p8x8-p473-mmmv", "reference_id": "GHSA-p8x8-p473-mmmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p8x8-p473-mmmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000400", "GHSA-p8x8-p473-mmmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9fd-bscd-dudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12106?format=api", "vulnerability_id": "VCID-numr-pkmf-nqhf", "summary": "Improper Certificate Validation\nJenkins bundled a version of the commons-httpclient library that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12583", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000396" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/fe77d1c3dbf91ddf2a9f8e5ed882611455ab00d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/fe77d1c3dbf91ddf2a9f8e5ed882611455ab00d0" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000396", "reference_id": "CVE-2017-1000396", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000396" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000396", "GHSA-fq9f-9wv9-rfmg" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-numr-pkmf-nqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=api", "vulnerability_id": "VCID-qq9u-naap-zyfp", "summary": "Improper Input Validation\nJenkins bundles a version of the commons-fileupload library with a denial-of-service vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66252", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000394" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/ea981a029cb985b71f3a0dc0f9ce3b3e3e6c001b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/ea981a029cb985b71f3a0dc0f9ce3b3e3e6c001b" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000394", "reference_id": "CVE-2017-1000394", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000394", "GHSA-f7f6-xrwc-9c57" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qq9u-naap-zyfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10156?format=api", "vulnerability_id": "VCID-v7cw-mt1y-1ydw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000395", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28521", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000395" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/7b1f8e96a8d97dd09e5e093fcdb010b3295acc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/7b1f8e96a8d97dd09e5e093fcdb010b3295acc77" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-10-11" }, { "reference_url": "https://jenkins.io/security/advisory/2017-10-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000395", "reference_id": "CVE-2017-1000395", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000395" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76909?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.84", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.84" }, { "url": "http://public2.vulnerablecode.io/api/packages/53920?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.86", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.86" } ], "aliases": [ "CVE-2017-1000395", "GHSA-wqv4-9gr3-3qgh" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7cw-mt1y-1ydw" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.83" }