Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/koji@0.3

Type maven

Namespace org.jenkins-ci.plugins

Name koji

Version 0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-hpzd-sruz-4ff2

vulnerability_id VCID-hpzd-sruz-4ff2

summary

Insufficiently Protected Credentials
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

references

reference_url	https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1092
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1092

reference_url	http://www.openwall.com/lists/oss-security/2019/04/12/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/04/12/2

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-10298
reference_id	CVE-2019-10298
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-10298

reference_url	https://github.com/advisories/GHSA-x464-r7f4-gj3m
reference_id	GHSA-x464-r7f4-gj3m
reference_type
scores
url	https://github.com/advisories/GHSA-x464-r7f4-gj3m

fixed_packages

aliases CVE-2019-10298, GHSA-x464-r7f4-gj3m

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpzd-sruz-4ff2

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/koji@0.3

Package Instance