Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62085?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "1.638", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.640", "latest_non_vulnerable_version": "2.551", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43354?format=api", "vulnerability_id": "VCID-cyyt-dv19-aqgz", "summary": "Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor\nJenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", "reference_id": "CVE-2015-5320", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320" }, { "reference_url": "https://github.com/advisories/GHSA-449q-v4j2-5h8p", "reference_id": "GHSA-449q-v4j2-5h8p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-449q-v4j2-5h8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5320", "GHSA-449q-v4j2-5h8p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyyt-dv19-aqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43366?format=api", "vulnerability_id": "VCID-gmne-mnta-7khy", "summary": "Jenkins allows Unauthorized Viewing of Queue API Information\nJenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", "reference_id": "CVE-2015-5324", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324" }, { "reference_url": "https://github.com/advisories/GHSA-5xmf-9vgr-53mj", "reference_id": "GHSA-5xmf-9vgr-53mj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5xmf-9vgr-53mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5324", "GHSA-5xmf-9vgr-53mj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmne-mnta-7khy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43386?format=api", "vulnerability_id": "VCID-hzw1-bfa6-47au", "summary": "Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", "reference_id": "CVE-2015-5318", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318" }, { "reference_url": "https://github.com/advisories/GHSA-3wmv-7php-rhg5", "reference_id": "GHSA-3wmv-7php-rhg5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3wmv-7php-rhg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5318", "GHSA-3wmv-7php-rhg5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzw1-bfa6-47au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43348?format=api", "vulnerability_id": "VCID-jj3u-n2vy-5fe8", "summary": "Jenkins discloses project names via fingerprints\nThe Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", "reference_id": "CVE-2015-5317", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317" }, { "reference_url": "https://github.com/advisories/GHSA-8pqx-3rxx-f5pm", "reference_id": "GHSA-8pqx-3rxx-f5pm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8pqx-3rxx-f5pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5317", "GHSA-8pqx-3rxx-f5pm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jj3u-n2vy-5fe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43605?format=api", "vulnerability_id": "VCID-jr67-gaw6-8kef", "summary": "Jenkins has Local File Inclusion Vulnerability\nDirectory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", "reference_id": "CVE-2015-5322", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322" }, { "reference_url": "https://github.com/advisories/GHSA-89vc-7frq-2rfj", "reference_id": "GHSA-89vc-7frq-2rfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-89vc-7frq-2rfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5322", "GHSA-89vc-7frq-2rfj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jr67-gaw6-8kef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43340?format=api", "vulnerability_id": "VCID-kupx-qgas-r7fz", "summary": "Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", "reference_id": "CVE-2015-5326", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326" }, { "reference_url": "https://github.com/advisories/GHSA-5mwr-jg3r-jv66", "reference_id": "GHSA-5mwr-jg3r-jv66", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5mwr-jg3r-jv66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5326", "GHSA-5mwr-jg3r-jv66" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kupx-qgas-r7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43339?format=api", "vulnerability_id": "VCID-qtrn-g5ck-d3gs", "summary": "Jenkins has Information Disclosure via Sidepanel Widget\nThe sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", "reference_id": "CVE-2015-5321", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321" }, { "reference_url": "https://github.com/advisories/GHSA-4653-rmch-3g2g", "reference_id": "GHSA-4653-rmch-3g2g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4653-rmch-3g2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5321", "GHSA-4653-rmch-3g2g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtrn-g5ck-d3gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43612?format=api", "vulnerability_id": "VCID-swpw-2zw3-d3hy", "summary": "Jenkins allows Bypass of Access Restrictions\nJenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", "reference_id": "CVE-2015-5325", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325" }, { "reference_url": "https://github.com/advisories/GHSA-x2q2-8pwq-fr5r", "reference_id": "GHSA-x2q2-8pwq-fr5r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x2q2-8pwq-fr5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5325", "GHSA-x2q2-8pwq-fr5r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swpw-2zw3-d3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43336?format=api", "vulnerability_id": "VCID-uxkw-sxe4-gffs", "summary": "Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI\nXML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", "reference_id": "CVE-2015-5319", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319" }, { "reference_url": "https://github.com/advisories/GHSA-3j9c-cp7m-8w8g", "reference_id": "GHSA-3j9c-cp7m-8w8g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3j9c-cp7m-8w8g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5319", "GHSA-3j9c-cp7m-8w8g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxkw-sxe4-gffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43588?format=api", "vulnerability_id": "VCID-vuwz-whaq-rybd", "summary": "Jenkins allows Administrators to Access API Tokens\nJenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", "reference_id": "CVE-2015-5323", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323" }, { "reference_url": "https://github.com/advisories/GHSA-x4m5-j4x4-4wjg", "reference_id": "GHSA-x4m5-j4x4-4wjg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x4m5-j4x4-4wjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62086?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62085?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5323", "GHSA-x4m5-j4x4-4wjg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuwz-whaq-rybd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" }