Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
Type maven
Namespace org.jenkins-ci.plugins.workflow
Name workflow-cps
Version 2648.2651.v230593e03e9f
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5fp9-6s1m-4yee
vulnerability_id VCID-5fp9-6s1m-4yee
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json
1
reference_url https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json
2
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85
3
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463
4
reference_url http://www.openwall.com/lists/oss-security/2022/02/15/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/15/2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055733
reference_id 2055733
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055733
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25173
reference_id CVE-2022-25173
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25173
7
reference_url https://github.com/advisories/GHSA-4m7p-55jm-3vwv
reference_id GHSA-4m7p-55jm-3vwv
reference_type
scores
url https://github.com/advisories/GHSA-4m7p-55jm-3vwv
8
reference_url https://access.redhat.com/errata/RHSA-2022:0871
reference_id RHSA-2022:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0871
9
reference_url https://access.redhat.com/errata/RHSA-2022:1021
reference_id RHSA-2022:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1021
10
reference_url https://access.redhat.com/errata/RHSA-2022:1025
reference_id RHSA-2022:1025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1025
11
reference_url https://access.redhat.com/errata/RHSA-2022:1248
reference_id RHSA-2022:1248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1248
12
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
13
reference_url https://access.redhat.com/errata/RHSA-2022:1620
reference_id RHSA-2022:1620
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1620
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
1
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
2
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
3
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
aliases CVE-2022-25173, GHSA-4m7p-55jm-3vwv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5fp9-6s1m-4yee
1
url VCID-dds7-1e15-eqh8
vulnerability_id VCID-dds7-1e15-eqh8
summary
Improper Link Resolution Before File Access ('Link Following')
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json
1
reference_url https://github.com/jenkinsci/workflow-cps-plugin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin
2
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055787
reference_id 2055787
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055787
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25176
reference_id CVE-2022-25176
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25176
5
reference_url https://github.com/advisories/GHSA-6473-gqrj-4p65
reference_id GHSA-6473-gqrj-4p65
reference_type
scores
url https://github.com/advisories/GHSA-6473-gqrj-4p65
6
reference_url https://access.redhat.com/errata/RHSA-2022:0871
reference_id RHSA-2022:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0871
7
reference_url https://access.redhat.com/errata/RHSA-2022:1021
reference_id RHSA-2022:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1021
8
reference_url https://access.redhat.com/errata/RHSA-2022:1025
reference_id RHSA-2022:1025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1025
9
reference_url https://access.redhat.com/errata/RHSA-2022:1248
reference_id RHSA-2022:1248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1248
10
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
11
reference_url https://access.redhat.com/errata/RHSA-2022:1620
reference_id RHSA-2022:1620
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1620
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
1
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
2
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
aliases CVE-2022-25176, GHSA-6473-gqrj-4p65
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dds7-1e15-eqh8
2
url VCID-p2ed-vf9a-rqab
vulnerability_id VCID-p2ed-vf9a-rqab
summary
Insufficiently Protected Credentials
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json
1
reference_url https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9
2
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055795
reference_id 2055795
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055795
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25180
reference_id CVE-2022-25180
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25180
5
reference_url https://github.com/advisories/GHSA-qv6q-x9vr-w7j3
reference_id GHSA-qv6q-x9vr-w7j3
reference_type
scores
url https://github.com/advisories/GHSA-qv6q-x9vr-w7j3
6
reference_url https://access.redhat.com/errata/RHSA-2022:0871
reference_id RHSA-2022:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0871
7
reference_url https://access.redhat.com/errata/RHSA-2022:1021
reference_id RHSA-2022:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1021
8
reference_url https://access.redhat.com/errata/RHSA-2022:1025
reference_id RHSA-2022:1025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1025
9
reference_url https://access.redhat.com/errata/RHSA-2022:1248
reference_id RHSA-2022:1248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1248
10
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
11
reference_url https://access.redhat.com/errata/RHSA-2022:1620
reference_id RHSA-2022:1620
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1620
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
1
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
aliases CVE-2022-25180, GHSA-qv6q-x9vr-w7j3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2ed-vf9a-rqab
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f