Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.222.1

Type maven

Namespace org.jenkins-ci.main

Name jenkins-core

Version 2.222.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.228

Latest_non_vulnerable_version 2.555

Affected_by_vulnerabilities

url VCID-w7hn-1uj8-cuc6

vulnerability_id VCID-w7hn-1uj8-cuc6

summary

Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23898.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23898.json

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/de450967f38398169650b55c002f1229a3fcdb1b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/de450967f38398169650b55c002f1229a3fcdb1b

reference_url

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315

reference_url

https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins

reference_url

http://www.openwall.com/lists/oss-security/2024/01/24/6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/01/24/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2260182
reference_id	2260182
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2260182

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23898

reference_id

CVE-2024-23898

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23898

reference_url	https://github.com/advisories/GHSA-53ph-2r2x-vqw8
reference_id	GHSA-53ph-2r2x-vqw8
reference_type
scores
url	https://github.com/advisories/GHSA-53ph-2r2x-vqw8

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.426.3
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.426.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.426.3

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.427

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.427

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y4a2-mamb-yqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.427

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.442
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.442
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.442

aliases CVE-2024-23898, GHSA-53ph-2r2x-vqw8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7hn-1uj8-cuc6

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.222.1

Package Instance