Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.376
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.376
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.387.1
Latest_non_vulnerable_version 2.555
Affected_by_vulnerabilities
0
url VCID-432r-ukuw-4bgt
vulnerability_id VCID-432r-ukuw-4bgt
summary
Incorrect Authorization
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.2041
published_at 2026-04-24T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.206
published_at 2026-04-12T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20766
published_at 2026-04-04T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.20486
published_at 2026-04-07T12:55:00Z
4
value 0.00066
scoring_system epss
scoring_elements 0.20563
published_at 2026-04-08T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20622
published_at 2026-04-09T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.20642
published_at 2026-04-11T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.20524
published_at 2026-04-21T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20529
published_at 2026-04-18T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20706
published_at 2026-04-02T12:55:00Z
10
value 0.00066
scoring_system epss
scoring_elements 0.20532
published_at 2026-04-16T12:55:00Z
11
value 0.00066
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:49:07Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
reference_id 2177632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
reference_id CVE-2023-27903
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
7
reference_url https://github.com/advisories/GHSA-584m-7r4m-8j6v
reference_id GHSA-584m-7r4m-8j6v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-584m-7r4m-8j6v
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
12
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
16
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27903, GHSA-584m-7r4m-8j6v
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-432r-ukuw-4bgt
1
url VCID-6925-fwf4-f7df
vulnerability_id VCID-6925-fwf4-f7df
summary
Generation of Error Message Containing Sensitive Information
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.65808
published_at 2026-04-24T12:55:00Z
1
value 0.00495
scoring_system epss
scoring_elements 0.6579
published_at 2026-04-12T12:55:00Z
2
value 0.00495
scoring_system epss
scoring_elements 0.65753
published_at 2026-04-04T12:55:00Z
3
value 0.00495
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-07T12:55:00Z
4
value 0.00495
scoring_system epss
scoring_elements 0.65772
published_at 2026-04-08T12:55:00Z
5
value 0.00495
scoring_system epss
scoring_elements 0.65783
published_at 2026-04-09T12:55:00Z
6
value 0.00495
scoring_system epss
scoring_elements 0.65804
published_at 2026-04-11T12:55:00Z
7
value 0.00495
scoring_system epss
scoring_elements 0.65795
published_at 2026-04-21T12:55:00Z
8
value 0.00495
scoring_system epss
scoring_elements 0.65809
published_at 2026-04-18T12:55:00Z
9
value 0.00495
scoring_system epss
scoring_elements 0.65723
published_at 2026-04-02T12:55:00Z
10
value 0.00495
scoring_system epss
scoring_elements 0.65794
published_at 2026-04-16T12:55:00Z
11
value 0.00495
scoring_system epss
scoring_elements 0.6576
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:51:08Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
reference_id 2177634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
reference_id CVE-2023-27904
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
7
reference_url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
reference_id GHSA-rrgp-c2w8-6vg6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
13
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
14
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
15
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27904, GHSA-rrgp-c2w8-6vg6
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6925-fwf4-f7df
2
url VCID-7xf4-2kjf-87fe
vulnerability_id VCID-7xf4-2kjf-87fe
summary
Improper Access Control
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27902.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27902
reference_id
reference_type
scores
0
value 0.00788
scoring_system epss
scoring_elements 0.73911
published_at 2026-04-24T12:55:00Z
1
value 0.00788
scoring_system epss
scoring_elements 0.73835
published_at 2026-04-13T12:55:00Z
2
value 0.00788
scoring_system epss
scoring_elements 0.73791
published_at 2026-04-07T12:55:00Z
3
value 0.00788
scoring_system epss
scoring_elements 0.73826
published_at 2026-04-08T12:55:00Z
4
value 0.00788
scoring_system epss
scoring_elements 0.73839
published_at 2026-04-09T12:55:00Z
5
value 0.00788
scoring_system epss
scoring_elements 0.73861
published_at 2026-04-11T12:55:00Z
6
value 0.00788
scoring_system epss
scoring_elements 0.73843
published_at 2026-04-12T12:55:00Z
7
value 0.00788
scoring_system epss
scoring_elements 0.73877
published_at 2026-04-21T12:55:00Z
8
value 0.00788
scoring_system epss
scoring_elements 0.73885
published_at 2026-04-18T12:55:00Z
9
value 0.00788
scoring_system epss
scoring_elements 0.73798
published_at 2026-04-02T12:55:00Z
10
value 0.00788
scoring_system epss
scoring_elements 0.73876
published_at 2026-04-16T12:55:00Z
11
value 0.00788
scoring_system epss
scoring_elements 0.73821
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27902
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27902.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27902.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/80452662b31ac6c9f4418cffae1af6af4daf479a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/80452662b31ac6c9f4418cffae1af6af4daf479a
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:46:37Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177630
reference_id 2177630
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177630
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27902
reference_id CVE-2023-27902
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27902
7
reference_url https://github.com/advisories/GHSA-cj6r-8pxj-5jv6
reference_id GHSA-cj6r-8pxj-5jv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj6r-8pxj-5jv6
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27902, GHSA-cj6r-8pxj-5jv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xf4-2kjf-87fe
3
url VCID-betz-7kth-p3cr
vulnerability_id VCID-betz-7kth-p3cr
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27898.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27898.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27898
reference_id
reference_type
scores
0
value 0.02778
scoring_system epss
scoring_elements 0.86092
published_at 2026-04-24T12:55:00Z
1
value 0.02778
scoring_system epss
scoring_elements 0.86021
published_at 2026-04-07T12:55:00Z
2
value 0.02778
scoring_system epss
scoring_elements 0.86041
published_at 2026-04-08T12:55:00Z
3
value 0.02778
scoring_system epss
scoring_elements 0.8605
published_at 2026-04-09T12:55:00Z
4
value 0.02778
scoring_system epss
scoring_elements 0.86064
published_at 2026-04-11T12:55:00Z
5
value 0.02778
scoring_system epss
scoring_elements 0.86062
published_at 2026-04-12T12:55:00Z
6
value 0.02778
scoring_system epss
scoring_elements 0.86057
published_at 2026-04-13T12:55:00Z
7
value 0.02778
scoring_system epss
scoring_elements 0.86075
published_at 2026-04-16T12:55:00Z
8
value 0.02778
scoring_system epss
scoring_elements 0.8608
published_at 2026-04-18T12:55:00Z
9
value 0.02778
scoring_system epss
scoring_elements 0.86072
published_at 2026-04-21T12:55:00Z
10
value 0.02778
scoring_system epss
scoring_elements 0.86005
published_at 2026-04-02T12:55:00Z
11
value 0.02778
scoring_system epss
scoring_elements 0.86022
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27898
2
reference_url https://github.com/jenkinsci/jenkins/commit/59ac866d9946d7c296023da0ea78baafd4cf71eb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/59ac866d9946d7c296023da0ea78baafd4cf71eb
3
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:33:39Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177629
reference_id 2177629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177629
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27898
reference_id CVE-2023-27898
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27898
6
reference_url https://github.com/advisories/GHSA-j664-qhh4-hpf8
reference_id GHSA-j664-qhh4-hpf8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j664-qhh4-hpf8
7
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
8
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27898, GHSA-j664-qhh4-hpf8
risk_score 4.3
exploitability 0.5
weighted_severity 8.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-betz-7kth-p3cr
4
url VCID-dvyn-m8js-xbc2
vulnerability_id VCID-dvyn-m8js-xbc2
summary
Allocation of Resources Without Limits or Throttling
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27901.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27901.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27901
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70179
published_at 2026-04-24T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.70097
published_at 2026-04-13T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.70037
published_at 2026-04-07T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70085
published_at 2026-04-08T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70101
published_at 2026-04-09T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70124
published_at 2026-04-11T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.7011
published_at 2026-04-12T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.70128
published_at 2026-04-21T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.70044
published_at 2026-04-02T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.7014
published_at 2026-04-16T12:55:00Z
11
value 0.00622
scoring_system epss
scoring_elements 0.7006
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27901
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:44:36Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177646
reference_id 2177646
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177646
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27901
reference_id CVE-2023-27901
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27901
7
reference_url https://github.com/advisories/GHSA-h76p-mc68-jv3p
reference_id GHSA-h76p-mc68-jv3p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h76p-mc68-jv3p
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27901, GHSA-h76p-mc68-jv3p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-m8js-xbc2
5
url VCID-wyec-gfgc-4yfw
vulnerability_id VCID-wyec-gfgc-4yfw
summary
Incorrect Authorization
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27899.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27899.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27899
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15325
published_at 2026-04-24T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15376
published_at 2026-04-12T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15516
published_at 2026-04-04T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15316
published_at 2026-04-07T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15404
published_at 2026-04-08T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15454
published_at 2026-04-09T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15416
published_at 2026-04-11T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15284
published_at 2026-04-21T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15232
published_at 2026-04-18T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.15447
published_at 2026-04-02T12:55:00Z
10
value 0.0005
scoring_system epss
scoring_elements 0.15228
published_at 2026-04-16T12:55:00Z
11
value 0.0005
scoring_system epss
scoring_elements 0.1531
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27899
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-28T18:35:20Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177626
reference_id 2177626
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177626
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27899
reference_id CVE-2023-27899
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27899
7
reference_url https://github.com/advisories/GHSA-hf9h-vv4m-2f33
reference_id GHSA-hf9h-vv4m-2f33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hf9h-vv4m-2f33
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27899, GHSA-hf9h-vv4m-2f33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyec-gfgc-4yfw
6
url VCID-xznu-vdv9-eue6
vulnerability_id VCID-xznu-vdv9-eue6
summary
Allocation of Resources Without Limits or Throttling
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27900.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27900.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27900
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.7006
published_at 2026-04-04T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.70037
published_at 2026-04-07T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70085
published_at 2026-04-08T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70101
published_at 2026-04-09T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70124
published_at 2026-04-11T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.7011
published_at 2026-04-12T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.70097
published_at 2026-04-13T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.7014
published_at 2026-04-16T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.70179
published_at 2026-04-24T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.70044
published_at 2026-04-02T12:55:00Z
11
value 0.00622
scoring_system epss
scoring_elements 0.70128
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27900
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27900.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27900.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:41:35Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177638
reference_id 2177638
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177638
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27900
reference_id CVE-2023-27900
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27900
7
reference_url https://github.com/advisories/GHSA-frgr-c5f2-8qhh
reference_id GHSA-frgr-c5f2-8qhh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frgr-c5f2-8qhh
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.387.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.394
aliases CVE-2023-27900, GHSA-frgr-c5f2-8qhh
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xznu-vdv9-eue6
Fixing_vulnerabilities
Risk_score 4.3
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.376