Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1740464689-1?arch=el8
Type rpm
Namespace redhat
Name jenkins-2-plugins
Version 4.12.1740464689-1
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-fcg2-x3s5-wudk
vulnerability_id VCID-fcg2-x3s5-wudk
summary
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver.

### Patches
XStream 1.4.21 detects the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead.

### Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html).

### Credits
Alexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-18T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-16T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.4945
published_at 2026-04-13T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49448
published_at 2026-04-12T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49429
published_at 2026-04-02T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49409
published_at 2026-04-07T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49464
published_at 2026-04-21T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49459
published_at 2026-04-09T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49455
published_at 2026-04-04T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49476
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
6
reference_url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
7
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
10
reference_url https://x-stream.github.io/CVE-2024-47072.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://x-stream.github.io/CVE-2024-47072.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
reference_id 1087274
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
reference_id 2324606
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
13
reference_url https://github.com/advisories/GHSA-hfq9-hggm-c56q
reference_id GHSA-hfq9-hggm-c56q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfq9-hggm-c56q
14
reference_url https://access.redhat.com/errata/RHSA-2024:10214
reference_id RHSA-2024:10214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10214
15
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
16
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
17
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
18
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
19
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
20
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-47072, GHSA-hfq9-hggm-c56q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg2-x3s5-wudk
1
url VCID-g6p1-25m8-hyak
vulnerability_id VCID-g6p1-25m8-hyak
summary
JSON-lib mishandles an unbalanced comment string
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47855.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47855.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47855
reference_id
reference_type
scores
0
value 0.04347
scoring_system epss
scoring_elements 0.88948
published_at 2026-04-21T12:55:00Z
1
value 0.04347
scoring_system epss
scoring_elements 0.88952
published_at 2026-04-18T12:55:00Z
2
value 0.04347
scoring_system epss
scoring_elements 0.88954
published_at 2026-04-16T12:55:00Z
3
value 0.04347
scoring_system epss
scoring_elements 0.88941
published_at 2026-04-13T12:55:00Z
4
value 0.04347
scoring_system epss
scoring_elements 0.88947
published_at 2026-04-11T12:55:00Z
5
value 0.04347
scoring_system epss
scoring_elements 0.88935
published_at 2026-04-09T12:55:00Z
6
value 0.04347
scoring_system epss
scoring_elements 0.8893
published_at 2026-04-08T12:55:00Z
7
value 0.04347
scoring_system epss
scoring_elements 0.88912
published_at 2026-04-07T12:55:00Z
8
value 0.04347
scoring_system epss
scoring_elements 0.8891
published_at 2026-04-04T12:55:00Z
9
value 0.04347
scoring_system epss
scoring_elements 0.88894
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47855
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47855
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/kordamp/json-lib
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kordamp/json-lib
5
reference_url https://github.com/kordamp/json-lib/blob/35a1f2aa22bac260438c0cf2399549311b5a21aa/pom.xml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kordamp/json-lib/blob/35a1f2aa22bac260438c0cf2399549311b5a21aa/pom.xml
6
reference_url https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:10:57Z/
url https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e
7
reference_url https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:10:57Z/
url https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47855
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47855
9
reference_url https://sourceforge.net/projects/json-lib
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sourceforge.net/projects/json-lib
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084191
reference_id 1084191
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084191
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2316421
reference_id 2316421
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2316421
12
reference_url https://github.com/advisories/GHSA-wwcp-26wc-3fxm
reference_id GHSA-wwcp-26wc-3fxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwcp-26wc-3fxm
13
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
14
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
15
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
16
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
17
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
18
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-47855, GHSA-wwcp-26wc-3fxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6p1-25m8-hyak
2
url VCID-napj-3e58-nqav
vulnerability_id VCID-napj-3e58-nqav
summary
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Groovy Plugin 3993.v3e20a_37282f8 refuses to rebuild a build whose main (Jenkinsfile) script is unapproved.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52550.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52550
reference_id
reference_type
scores
0
value 0.01035
scoring_system epss
scoring_elements 0.77323
published_at 2026-04-02T12:55:00Z
1
value 0.014
scoring_system epss
scoring_elements 0.80451
published_at 2026-04-21T12:55:00Z
2
value 0.014
scoring_system epss
scoring_elements 0.80393
published_at 2026-04-04T12:55:00Z
3
value 0.014
scoring_system epss
scoring_elements 0.80382
published_at 2026-04-07T12:55:00Z
4
value 0.014
scoring_system epss
scoring_elements 0.80411
published_at 2026-04-08T12:55:00Z
5
value 0.014
scoring_system epss
scoring_elements 0.80421
published_at 2026-04-09T12:55:00Z
6
value 0.014
scoring_system epss
scoring_elements 0.80439
published_at 2026-04-11T12:55:00Z
7
value 0.014
scoring_system epss
scoring_elements 0.80424
published_at 2026-04-12T12:55:00Z
8
value 0.014
scoring_system epss
scoring_elements 0.80417
published_at 2026-04-13T12:55:00Z
9
value 0.014
scoring_system epss
scoring_elements 0.80447
published_at 2026-04-16T12:55:00Z
10
value 0.014
scoring_system epss
scoring_elements 0.80448
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52550
2
reference_url https://github.com/jenkinsci/workflow-cps-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52550
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52550
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-13T21:27:04Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326043
reference_id 2326043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326043
6
reference_url https://github.com/advisories/GHSA-mrpr-vr82-x88r
reference_id GHSA-mrpr-vr82-x88r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrpr-vr82-x88r
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52550, GHSA-mrpr-vr82-x88r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-napj-3e58-nqav
3
url VCID-pgad-nzjx-kkb5
vulnerability_id VCID-pgad-nzjx-kkb5
summary
Insecure Temporary File usage in github.com/golang/glog
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45339.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45339.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45339
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.2334
published_at 2026-04-21T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23361
published_at 2026-04-18T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23476
published_at 2026-04-02T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23366
published_at 2026-04-16T12:55:00Z
4
value 0.00079
scoring_system epss
scoring_elements 0.23348
published_at 2026-04-13T12:55:00Z
5
value 0.00079
scoring_system epss
scoring_elements 0.23402
published_at 2026-04-12T12:55:00Z
6
value 0.00079
scoring_system epss
scoring_elements 0.2344
published_at 2026-04-11T12:55:00Z
7
value 0.00079
scoring_system epss
scoring_elements 0.23513
published_at 2026-04-04T12:55:00Z
8
value 0.00079
scoring_system epss
scoring_elements 0.23297
published_at 2026-04-07T12:55:00Z
9
value 0.00079
scoring_system epss
scoring_elements 0.2342
published_at 2026-04-09T12:55:00Z
10
value 0.00079
scoring_system epss
scoring_elements 0.23369
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45339
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/golang/glog
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/glog
5
reference_url https://github.com/golang/glog/pull/74
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/
url https://github.com/golang/glog/pull/74
6
reference_url https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/
url https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2
7
reference_url https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/
url https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs
8
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45339
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45339
10
reference_url https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/
url https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File
11
reference_url https://pkg.go.dev/vuln/GO-2025-3372
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/
url https://pkg.go.dev/vuln/GO-2025-3372
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094733
reference_id 1094733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094733
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2342463
reference_id 2342463
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2342463
14
reference_url https://access.redhat.com/errata/RHSA-2025:11673
reference_id RHSA-2025:11673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11673
15
reference_url https://access.redhat.com/errata/RHSA-2025:11675
reference_id RHSA-2025:11675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11675
16
reference_url https://access.redhat.com/errata/RHSA-2025:11679
reference_id RHSA-2025:11679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11679
17
reference_url https://access.redhat.com/errata/RHSA-2025:12325
reference_id RHSA-2025:12325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12325
18
reference_url https://access.redhat.com/errata/RHSA-2025:12341
reference_id RHSA-2025:12341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12341
19
reference_url https://access.redhat.com/errata/RHSA-2025:12370
reference_id RHSA-2025:12370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12370
20
reference_url https://access.redhat.com/errata/RHSA-2025:12372
reference_id RHSA-2025:12372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12372
21
reference_url https://access.redhat.com/errata/RHSA-2025:12437
reference_id RHSA-2025:12437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12437
22
reference_url https://access.redhat.com/errata/RHSA-2025:12439
reference_id RHSA-2025:12439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12439
23
reference_url https://access.redhat.com/errata/RHSA-2025:13289
reference_id RHSA-2025:13289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13289
24
reference_url https://access.redhat.com/errata/RHSA-2025:13291
reference_id RHSA-2025:13291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13291
25
reference_url https://access.redhat.com/errata/RHSA-2025:13325
reference_id RHSA-2025:13325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13325
26
reference_url https://access.redhat.com/errata/RHSA-2025:13327
reference_id RHSA-2025:13327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13327
27
reference_url https://access.redhat.com/errata/RHSA-2025:13336
reference_id RHSA-2025:13336
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13336
28
reference_url https://access.redhat.com/errata/RHSA-2025:13338
reference_id RHSA-2025:13338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13338
29
reference_url https://access.redhat.com/errata/RHSA-2025:13848
reference_id RHSA-2025:13848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13848
30
reference_url https://access.redhat.com/errata/RHSA-2025:13849
reference_id RHSA-2025:13849
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13849
31
reference_url https://access.redhat.com/errata/RHSA-2025:14060
reference_id RHSA-2025:14060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14060
32
reference_url https://access.redhat.com/errata/RHSA-2025:14061
reference_id RHSA-2025:14061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14061
33
reference_url https://access.redhat.com/errata/RHSA-2025:14398
reference_id RHSA-2025:14398
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14398
34
reference_url https://access.redhat.com/errata/RHSA-2025:1448
reference_id RHSA-2025:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1448
35
reference_url https://access.redhat.com/errata/RHSA-2025:14820
reference_id RHSA-2025:14820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14820
36
reference_url https://access.redhat.com/errata/RHSA-2025:14821
reference_id RHSA-2025:14821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14821
37
reference_url https://access.redhat.com/errata/RHSA-2025:14855
reference_id RHSA-2025:14855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14855
38
reference_url https://access.redhat.com/errata/RHSA-2025:14856
reference_id RHSA-2025:14856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14856
39
reference_url https://access.redhat.com/errata/RHSA-2025:14859
reference_id RHSA-2025:14859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14859
40
reference_url https://access.redhat.com/errata/RHSA-2025:14860
reference_id RHSA-2025:14860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14860
41
reference_url https://access.redhat.com/errata/RHSA-2025:15332
reference_id RHSA-2025:15332
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15332
42
reference_url https://access.redhat.com/errata/RHSA-2025:15333
reference_id RHSA-2025:15333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15333
43
reference_url https://access.redhat.com/errata/RHSA-2025:15673
reference_id RHSA-2025:15673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15673
44
reference_url https://access.redhat.com/errata/RHSA-2025:15674
reference_id RHSA-2025:15674
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15674
45
reference_url https://access.redhat.com/errata/RHSA-2025:16160
reference_id RHSA-2025:16160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16160
46
reference_url https://access.redhat.com/errata/RHSA-2025:16161
reference_id RHSA-2025:16161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16161
47
reference_url https://access.redhat.com/errata/RHSA-2025:16526
reference_id RHSA-2025:16526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16526
48
reference_url https://access.redhat.com/errata/RHSA-2025:16527
reference_id RHSA-2025:16527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16527
49
reference_url https://access.redhat.com/errata/RHSA-2025:16529
reference_id RHSA-2025:16529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16529
50
reference_url https://access.redhat.com/errata/RHSA-2025:16530
reference_id RHSA-2025:16530
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16530
51
reference_url https://access.redhat.com/errata/RHSA-2025:16534
reference_id RHSA-2025:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16534
52
reference_url https://access.redhat.com/errata/RHSA-2025:17671
reference_id RHSA-2025:17671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17671
53
reference_url https://access.redhat.com/errata/RHSA-2025:17672
reference_id RHSA-2025:17672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17672
54
reference_url https://access.redhat.com/errata/RHSA-2025:19356
reference_id RHSA-2025:19356
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19356
55
reference_url https://access.redhat.com/errata/RHSA-2025:19357
reference_id RHSA-2025:19357
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19357
56
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
57
reference_url https://access.redhat.com/errata/RHSA-2025:22863
reference_id RHSA-2025:22863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22863
58
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
59
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
60
reference_url https://access.redhat.com/errata/RHSA-2025:9562
reference_id RHSA-2025:9562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9562
61
reference_url https://access.redhat.com/errata/RHSA-2025:9563
reference_id RHSA-2025:9563
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9563
fixed_packages
aliases CVE-2024-45339, GHSA-6wxm-mpqj-6jpf
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgad-nzjx-kkb5
4
url VCID-rx46-cr1m-uuge
vulnerability_id VCID-rx46-cr1m-uuge
summary
Missing permission check in Jenkins Script Security Plugin
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52549.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52549
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42427
published_at 2026-04-02T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51065
published_at 2026-04-21T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.51028
published_at 2026-04-04T12:55:00Z
3
value 0.00276
scoring_system epss
scoring_elements 0.50986
published_at 2026-04-07T12:55:00Z
4
value 0.00276
scoring_system epss
scoring_elements 0.51043
published_at 2026-04-08T12:55:00Z
5
value 0.00276
scoring_system epss
scoring_elements 0.51039
published_at 2026-04-09T12:55:00Z
6
value 0.00276
scoring_system epss
scoring_elements 0.51082
published_at 2026-04-16T12:55:00Z
7
value 0.00276
scoring_system epss
scoring_elements 0.51061
published_at 2026-04-12T12:55:00Z
8
value 0.00276
scoring_system epss
scoring_elements 0.51044
published_at 2026-04-13T12:55:00Z
9
value 0.00276
scoring_system epss
scoring_elements 0.51088
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52549
2
reference_url https://github.com/jenkinsci/script-security-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52549
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52549
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T21:35:27Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326034
reference_id 2326034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326034
6
reference_url https://github.com/advisories/GHSA-jv82-75fh-23r7
reference_id GHSA-jv82-75fh-23r7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv82-75fh-23r7
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52549, GHSA-jv82-75fh-23r7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rx46-cr1m-uuge
5
url VCID-ufjq-w47y-3qeq
vulnerability_id VCID-ufjq-w47y-3qeq
summary
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Declarative Plugin 2.2218.v56d0cda_37c72 refuses to restart a build whose main (Jenkinsfile) script is unapproved.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52551.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52551
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.60916
published_at 2026-04-02T12:55:00Z
1
value 0.00549
scoring_system epss
scoring_elements 0.67947
published_at 2026-04-21T12:55:00Z
2
value 0.00549
scoring_system epss
scoring_elements 0.67897
published_at 2026-04-04T12:55:00Z
3
value 0.00549
scoring_system epss
scoring_elements 0.67876
published_at 2026-04-07T12:55:00Z
4
value 0.00549
scoring_system epss
scoring_elements 0.67927
published_at 2026-04-08T12:55:00Z
5
value 0.00549
scoring_system epss
scoring_elements 0.67941
published_at 2026-04-09T12:55:00Z
6
value 0.00549
scoring_system epss
scoring_elements 0.67965
published_at 2026-04-11T12:55:00Z
7
value 0.00549
scoring_system epss
scoring_elements 0.67951
published_at 2026-04-12T12:55:00Z
8
value 0.00549
scoring_system epss
scoring_elements 0.67915
published_at 2026-04-13T12:55:00Z
9
value 0.00549
scoring_system epss
scoring_elements 0.67953
published_at 2026-04-16T12:55:00Z
10
value 0.00549
scoring_system epss
scoring_elements 0.67966
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52551
2
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52551
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52551
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:01:46Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326047
reference_id 2326047
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326047
6
reference_url https://github.com/advisories/GHSA-p2qq-c693-q53w
reference_id GHSA-p2qq-c693-q53w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2qq-c693-q53w
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52551, GHSA-p2qq-c693-q53w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufjq-w47y-3qeq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1740464689-1%3Farch=el8