Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.626
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 1.626
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.638
Latest_non_vulnerable_version 2.551
Affected_by_vulnerabilities
0
url VCID-126z-y9y8-zqhx
vulnerability_id VCID-126z-y9y8-zqhx
summary
Jenkins does not Verify Checksums for Plugin Files
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb
3
reference_url https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4
4
reference_url https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf
5
reference_url https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e
6
reference_url https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295
7
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7539
reference_id CVE-2015-7539
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-7539
9
reference_url https://github.com/advisories/GHSA-x274-9m9r-fm5g
reference_id GHSA-x274-9m9r-fm5g
reference_type
scores
url https://github.com/advisories/GHSA-x274-9m9r-fm5g
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.640
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.640
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.640
aliases CVE-2015-7539, GHSA-x274-9m9r-fm5g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-126z-y9y8-zqhx
1
url VCID-hzw1-bfa6-47au
vulnerability_id VCID-hzw1-bfa6-47au
summary
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5318
reference_id CVE-2015-5318
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5318
5
reference_url https://github.com/advisories/GHSA-3wmv-7php-rhg5
reference_id GHSA-3wmv-7php-rhg5
reference_type
scores
url https://github.com/advisories/GHSA-3wmv-7php-rhg5
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
aliases CVE-2015-5318, GHSA-3wmv-7php-rhg5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzw1-bfa6-47au
2
url VCID-jj3u-n2vy-5fe8
vulnerability_id VCID-jj3u-n2vy-5fe8
summary
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
4
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5317
reference_id CVE-2015-5317
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5317
6
reference_url https://github.com/advisories/GHSA-8pqx-3rxx-f5pm
reference_id GHSA-8pqx-3rxx-f5pm
reference_type
scores
url https://github.com/advisories/GHSA-8pqx-3rxx-f5pm
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
aliases CVE-2015-5317, GHSA-8pqx-3rxx-f5pm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jj3u-n2vy-5fe8
3
url VCID-kupx-qgas-r7fz
vulnerability_id VCID-kupx-qgas-r7fz
summary
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5326
reference_id CVE-2015-5326
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5326
5
reference_url https://github.com/advisories/GHSA-5mwr-jg3r-jv66
reference_id GHSA-5mwr-jg3r-jv66
reference_type
scores
url https://github.com/advisories/GHSA-5mwr-jg3r-jv66
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
aliases CVE-2015-5326, GHSA-5mwr-jg3r-jv66
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kupx-qgas-r7fz
4
url VCID-swpw-2zw3-d3hy
vulnerability_id VCID-swpw-2zw3-d3hy
summary
Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5325
reference_id CVE-2015-5325
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5325
5
reference_url https://github.com/advisories/GHSA-x2q2-8pwq-fr5r
reference_id GHSA-x2q2-8pwq-fr5r
reference_type
scores
url https://github.com/advisories/GHSA-x2q2-8pwq-fr5r
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
aliases CVE-2015-5325, GHSA-x2q2-8pwq-fr5r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swpw-2zw3-d3hy
5
url VCID-vuwz-whaq-rybd
vulnerability_id VCID-vuwz-whaq-rybd
summary
Jenkins allows Administrators to Access API Tokens
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0070
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0070
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5323
reference_id CVE-2015-5323
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5323
5
reference_url https://github.com/advisories/GHSA-x4m5-j4x4-4wjg
reference_id GHSA-x4m5-j4x4-4wjg
reference_type
scores
url https://github.com/advisories/GHSA-x4m5-j4x4-4wjg
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638
aliases CVE-2015-5323, GHSA-x4m5-j4x4-4wjg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vuwz-whaq-rybd
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.626