Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63142?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63142?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "1.651.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.3", "latest_non_vulnerable_version": "2.555", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44010?format=api", "vulnerability_id": "VCID-2n89-52cd-fkde", "summary": "Jenkins allows Remote Users to Inject Build Parameters\nJenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1206" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3721.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59769", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59741", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59716", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59766", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3721" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" }, { "reference_url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:22:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415", "reference_id": "1335415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721", "reference_id": "CVE-2016-3721", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721" }, { "reference_url": "https://github.com/advisories/GHSA-qf2h-h3xq-j93j", "reference_id": "GHSA-qf2h-h3xq-j93j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf2h-h3xq-j93j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1773", "reference_id": "RHSA-2016:1773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1773" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63142?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52695?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.3" } ], "aliases": [ "CVE-2016-3721", "GHSA-qf2h-h3xq-j93j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n89-52cd-fkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44074?format=api", "vulnerability_id": "VCID-3frm-5qfv-13bg", "summary": "Jenkins Exposes Sensitive Information from Job Configuration\nJenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1206" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3724.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48773", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48743", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48784", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48723", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48792", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3724" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" }, { "reference_url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418", "reference_id": "1335418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724", "reference_id": "CVE-2016-3724", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724" }, { "reference_url": "https://github.com/advisories/GHSA-7vvj-qqvj-h8mc", "reference_id": "GHSA-7vvj-qqvj-h8mc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vvj-qqvj-h8mc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1773", "reference_id": "RHSA-2016:1773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1773" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63142?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52695?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.3" } ], "aliases": [ "CVE-2016-3724", "GHSA-7vvj-qqvj-h8mc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3frm-5qfv-13bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44025?format=api", "vulnerability_id": "VCID-b15t-qmn2-yydx", "summary": "Jenkins Exposes Sensitive Information via API URL\nThe API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1206" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3727.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25397", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25502", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25456", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3727" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" }, { "reference_url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422", "reference_id": "1335422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727", "reference_id": "CVE-2016-3727", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727" }, { "reference_url": "https://github.com/advisories/GHSA-6cr3-cm5h-8q96", "reference_id": "GHSA-6cr3-cm5h-8q96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cr3-cm5h-8q96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1773", "reference_id": "RHSA-2016:1773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1773" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63142?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52695?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.3" } ], "aliases": [ "CVE-2016-3727", "GHSA-6cr3-cm5h-8q96" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b15t-qmn2-yydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43928?format=api", "vulnerability_id": "VCID-buab-caa1-jkhj", "summary": "Jenkins affected by Open Redirect Vulnerability\nMultiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1206" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3726.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3726.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23833", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2373", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23784", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23848", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23754", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3726" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" }, { "reference_url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421", "reference_id": "1335421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726", "reference_id": "CVE-2016-3726", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726" }, { "reference_url": "https://github.com/advisories/GHSA-rx4r-gxpc-h85x", "reference_id": "GHSA-rx4r-gxpc-h85x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rx4r-gxpc-h85x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1773", "reference_id": "RHSA-2016:1773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1773" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63142?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52695?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.3" } ], "aliases": [ "CVE-2016-3726", "GHSA-rx4r-gxpc-h85x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-buab-caa1-jkhj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.651.2" }