Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.467

Type maven

Namespace org.jenkins-ci.main

Name jenkins-core

Version 1.467

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.480.1

Latest_non_vulnerable_version 2.551

Affected_by_vulnerabilities

url VCID-3hpx-qgaa-tycs

vulnerability_id VCID-3hpx-qgaa-tycs

summary

Jenkins allows Cross-Site Scripting (XSS) via Crafted URL
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4439

reference_id

reference_type

scores

value	0.00659
scoring_system	epss
scoring_elements	0.71429
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4439

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439

reference_url	https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url	https://github.com/jenkinsci/jenkins

reference_url	https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
reference_id
reference_type
scores
url	https://www.cloudbees.com/jenkins-security-advisory-2012-09-17

reference_url	http://www.openwall.com/lists/oss-security/2012/09/21/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/09/21/2

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-4439
reference_id	CVE-2012-4439
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-4439

reference_url	https://security-tracker.debian.org/tracker/CVE-2012-4439
reference_id	CVE-2012-4439
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2012-4439

reference_url

https://github.com/advisories/GHSA-x97g-3gp9-cf2p

reference_id

GHSA-x97g-3gp9-cf2p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x97g-3gp9-cf2p

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.482
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.482
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.482

aliases CVE-2012-4439, GHSA-x97g-3gp9-cf2p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hpx-qgaa-tycs

url VCID-nj1m-4k4z-u3az

vulnerability_id VCID-nj1m-4k4z-u3az

summary

Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4438

reference_id

reference_type

scores

value	0.01121
scoring_system	epss
scoring_elements	0.78558
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438

reference_url	https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url	https://github.com/jenkinsci/jenkins

reference_url	https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
reference_id
reference_type
scores
url	https://www.cloudbees.com/jenkins-security-advisory-2012-09-17

reference_url	http://www.openwall.com/lists/oss-security/2012/09/21/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/09/21/2

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-4438
reference_id	CVE-2012-4438
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-4438

reference_url	https://security-tracker.debian.org/tracker/CVE-2012-4438
reference_id	CVE-2012-4438
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2012-4438

reference_url

https://github.com/advisories/GHSA-wr6p-j63r-xqhv

reference_id

GHSA-wr6p-j63r-xqhv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wr6p-j63r-xqhv

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.482
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.482
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.482

aliases CVE-2012-4438, GHSA-wr6p-j63r-xqhv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj1m-4k4z-u3az

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.467

Package Instance