Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55364?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55364?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "2.32.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.45", "latest_non_vulnerable_version": "2.551", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39650?format=api", "vulnerability_id": "VCID-3jmz-69mw-5qdy", "summary": "Inadequate Encryption Strength\nJenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95948", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95948" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2598", "reference_id": "CVE-2017-2598", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2598" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jmz-69mw-5qdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39605?format=api", "vulnerability_id": "VCID-7ky5-eayq-uuds", "summary": "Improper Privilege Management\nJenkins is vulnerable to an insufficient permission check for periodic processes.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95956", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95956" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2611", "reference_id": "CVE-2017-2611", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2611" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2611" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ky5-eayq-uuds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39627?format=api", "vulnerability_id": "VCID-9d5n-bcgb-c7ba", "summary": "Information Exposure\nJenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95952", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95952" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2602", "reference_id": "CVE-2017-2602", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2602" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2602" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d5n-bcgb-c7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39629?format=api", "vulnerability_id": "VCID-dzxc-9d3p-xbfv", "summary": "Cross-Site Request Forgery (CSRF)\nJenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95967", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2613", "reference_id": "CVE-2017-2613", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2613" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2613" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzxc-9d3p-xbfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39559?format=api", "vulnerability_id": "VCID-e19f-826q-jfh4", "summary": "Improper Privilege Management\nJenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95949", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95949" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2599", "reference_id": "CVE-2017-2599", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2599" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2599" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e19f-826q-jfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39633?format=api", "vulnerability_id": "VCID-fpac-1u9h-efbf", "summary": "Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95951", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95951" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2610", "reference_id": "CVE-2017-2610", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2610" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpac-1u9h-efbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39631?format=api", "vulnerability_id": "VCID-grrk-ne4d-r3fg", "summary": "Deserialization of Untrusted Data\nJenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95953", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95953" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2608", "reference_id": "CVE-2017-2608", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55459?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.45", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.45" } ], "aliases": [ "CVE-2017-2608" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grrk-ne4d-r3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39621?format=api", "vulnerability_id": "VCID-kf3w-cekj-dbdz", "summary": "Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95960", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95960" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2601", "reference_id": "CVE-2017-2601", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2601" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2601" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf3w-cekj-dbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39638?format=api", "vulnerability_id": "VCID-m6ga-mnu6-vfh1", "summary": "Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607" }, { "reference_url": "http://www.securityfocus.com/bid/95963", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95963" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2607", "reference_id": "CVE-2017-2607", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2607" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2607" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6ga-mnu6-vfh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39628?format=api", "vulnerability_id": "VCID-mb7r-pzyv-jkce", "summary": "Improper Authentication\nIn Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95959", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2604", "reference_id": "CVE-2017-2604", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2604" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2604" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mb7r-pzyv-jkce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39626?format=api", "vulnerability_id": "VCID-mj86-swgs-wbb4", "summary": "Incorrect Permission Assignment for Critical Resource\nIn Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95957", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95957" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2612", "reference_id": "CVE-2017-2612", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2612" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj86-swgs-wbb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39632?format=api", "vulnerability_id": "VCID-qpf4-djjv-4uez", "summary": "Information Exposure\nJenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95955", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95955" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2603", "reference_id": "CVE-2017-2603", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2603" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2603" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpf4-djjv-4uez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39647?format=api", "vulnerability_id": "VCID-w8mb-ahue-83dv", "summary": "Information Exposure\nJenkins is vulnerable to an information disclosure vulnerability in search suggestions. The `autocomplete` feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609" }, { "reference_url": "http://www.securityfocus.com/bid/95964", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95964" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2609", "reference_id": "CVE-2017-2609", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2609" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2609" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8mb-ahue-83dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39604?format=api", "vulnerability_id": "VCID-xbe9-4svx-ykb8", "summary": "Information Exposure\nJenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95962", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95962" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2606", "reference_id": "CVE-2017-2606", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2606" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2606" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbe9-4svx-ykb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39630?format=api", "vulnerability_id": "VCID-xs6s-6qgm-5ye6", "summary": "Information Exposure\nIn Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600" }, { "reference_url": "https://jenkins.io/security/advisory/2017-02-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-02-01/" }, { "reference_url": "http://www.securityfocus.com/bid/95954", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95954" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2600", "reference_id": "CVE-2017-2600", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grrk-ne4d-r3fg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44" } ], "aliases": [ "CVE-2017-2600" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xs6s-6qgm-5ye6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2" }