Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins@2.479.3.1740464433-3?arch=el8
Type rpm
Namespace redhat
Name jenkins
Version 2.479.3.1740464433-3
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-fcg2-x3s5-wudk
vulnerability_id VCID-fcg2-x3s5-wudk
summary
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver.

### Patches
XStream 1.4.21 detects the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead.

### Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html).

### Credits
Alexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47072.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-18T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-16T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.4945
published_at 2026-04-13T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49448
published_at 2026-04-12T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49429
published_at 2026-04-02T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49409
published_at 2026-04-07T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49464
published_at 2026-04-21T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49459
published_at 2026-04-09T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49455
published_at 2026-04-04T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49476
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47072
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
5
reference_url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266
6
reference_url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a
7
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47072
10
reference_url https://x-stream.github.io/CVE-2024-47072.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T15:17:42Z/
url https://x-stream.github.io/CVE-2024-47072.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
reference_id 1087274
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087274
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
reference_id 2324606
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2324606
13
reference_url https://github.com/advisories/GHSA-hfq9-hggm-c56q
reference_id GHSA-hfq9-hggm-c56q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfq9-hggm-c56q
14
reference_url https://access.redhat.com/errata/RHSA-2024:10214
reference_id RHSA-2024:10214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10214
15
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
16
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
17
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
18
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
19
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
20
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-47072, GHSA-hfq9-hggm-c56q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg2-x3s5-wudk
1
url VCID-g6p1-25m8-hyak
vulnerability_id VCID-g6p1-25m8-hyak
summary
JSON-lib mishandles an unbalanced comment string
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47855.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47855.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47855
reference_id
reference_type
scores
0
value 0.04347
scoring_system epss
scoring_elements 0.88948
published_at 2026-04-21T12:55:00Z
1
value 0.04347
scoring_system epss
scoring_elements 0.88952
published_at 2026-04-18T12:55:00Z
2
value 0.04347
scoring_system epss
scoring_elements 0.88954
published_at 2026-04-16T12:55:00Z
3
value 0.04347
scoring_system epss
scoring_elements 0.88941
published_at 2026-04-13T12:55:00Z
4
value 0.04347
scoring_system epss
scoring_elements 0.88947
published_at 2026-04-11T12:55:00Z
5
value 0.04347
scoring_system epss
scoring_elements 0.88935
published_at 2026-04-09T12:55:00Z
6
value 0.04347
scoring_system epss
scoring_elements 0.8893
published_at 2026-04-08T12:55:00Z
7
value 0.04347
scoring_system epss
scoring_elements 0.88912
published_at 2026-04-07T12:55:00Z
8
value 0.04347
scoring_system epss
scoring_elements 0.8891
published_at 2026-04-04T12:55:00Z
9
value 0.04347
scoring_system epss
scoring_elements 0.88894
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47855
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47855
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/kordamp/json-lib
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kordamp/json-lib
5
reference_url https://github.com/kordamp/json-lib/blob/35a1f2aa22bac260438c0cf2399549311b5a21aa/pom.xml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kordamp/json-lib/blob/35a1f2aa22bac260438c0cf2399549311b5a21aa/pom.xml
6
reference_url https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:10:57Z/
url https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e
7
reference_url https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:10:57Z/
url https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47855
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47855
9
reference_url https://sourceforge.net/projects/json-lib
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sourceforge.net/projects/json-lib
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084191
reference_id 1084191
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084191
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2316421
reference_id 2316421
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2316421
12
reference_url https://github.com/advisories/GHSA-wwcp-26wc-3fxm
reference_id GHSA-wwcp-26wc-3fxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwcp-26wc-3fxm
13
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
14
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
15
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
16
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
17
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
18
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-47855, GHSA-wwcp-26wc-3fxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6p1-25m8-hyak
2
url VCID-napj-3e58-nqav
vulnerability_id VCID-napj-3e58-nqav
summary
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Groovy Plugin 3993.v3e20a_37282f8 refuses to rebuild a build whose main (Jenkinsfile) script is unapproved.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52550.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52550
reference_id
reference_type
scores
0
value 0.01035
scoring_system epss
scoring_elements 0.77323
published_at 2026-04-02T12:55:00Z
1
value 0.014
scoring_system epss
scoring_elements 0.80451
published_at 2026-04-21T12:55:00Z
2
value 0.014
scoring_system epss
scoring_elements 0.80393
published_at 2026-04-04T12:55:00Z
3
value 0.014
scoring_system epss
scoring_elements 0.80382
published_at 2026-04-07T12:55:00Z
4
value 0.014
scoring_system epss
scoring_elements 0.80411
published_at 2026-04-08T12:55:00Z
5
value 0.014
scoring_system epss
scoring_elements 0.80421
published_at 2026-04-09T12:55:00Z
6
value 0.014
scoring_system epss
scoring_elements 0.80439
published_at 2026-04-11T12:55:00Z
7
value 0.014
scoring_system epss
scoring_elements 0.80424
published_at 2026-04-12T12:55:00Z
8
value 0.014
scoring_system epss
scoring_elements 0.80417
published_at 2026-04-13T12:55:00Z
9
value 0.014
scoring_system epss
scoring_elements 0.80447
published_at 2026-04-16T12:55:00Z
10
value 0.014
scoring_system epss
scoring_elements 0.80448
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52550
2
reference_url https://github.com/jenkinsci/workflow-cps-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52550
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52550
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-13T21:27:04Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326043
reference_id 2326043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326043
6
reference_url https://github.com/advisories/GHSA-mrpr-vr82-x88r
reference_id GHSA-mrpr-vr82-x88r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrpr-vr82-x88r
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52550, GHSA-mrpr-vr82-x88r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-napj-3e58-nqav
3
url VCID-rx46-cr1m-uuge
vulnerability_id VCID-rx46-cr1m-uuge
summary
Missing permission check in Jenkins Script Security Plugin
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52549.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52549
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42427
published_at 2026-04-02T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51065
published_at 2026-04-21T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.51028
published_at 2026-04-04T12:55:00Z
3
value 0.00276
scoring_system epss
scoring_elements 0.50986
published_at 2026-04-07T12:55:00Z
4
value 0.00276
scoring_system epss
scoring_elements 0.51043
published_at 2026-04-08T12:55:00Z
5
value 0.00276
scoring_system epss
scoring_elements 0.51039
published_at 2026-04-09T12:55:00Z
6
value 0.00276
scoring_system epss
scoring_elements 0.51082
published_at 2026-04-16T12:55:00Z
7
value 0.00276
scoring_system epss
scoring_elements 0.51061
published_at 2026-04-12T12:55:00Z
8
value 0.00276
scoring_system epss
scoring_elements 0.51044
published_at 2026-04-13T12:55:00Z
9
value 0.00276
scoring_system epss
scoring_elements 0.51088
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52549
2
reference_url https://github.com/jenkinsci/script-security-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52549
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52549
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T21:35:27Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326034
reference_id 2326034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326034
6
reference_url https://github.com/advisories/GHSA-jv82-75fh-23r7
reference_id GHSA-jv82-75fh-23r7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv82-75fh-23r7
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52549, GHSA-jv82-75fh-23r7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rx46-cr1m-uuge
4
url VCID-ufjq-w47y-3qeq
vulnerability_id VCID-ufjq-w47y-3qeq
summary
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Declarative Plugin 2.2218.v56d0cda_37c72 refuses to restart a build whose main (Jenkinsfile) script is unapproved.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52551.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52551
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.60916
published_at 2026-04-02T12:55:00Z
1
value 0.00549
scoring_system epss
scoring_elements 0.67947
published_at 2026-04-21T12:55:00Z
2
value 0.00549
scoring_system epss
scoring_elements 0.67897
published_at 2026-04-04T12:55:00Z
3
value 0.00549
scoring_system epss
scoring_elements 0.67876
published_at 2026-04-07T12:55:00Z
4
value 0.00549
scoring_system epss
scoring_elements 0.67927
published_at 2026-04-08T12:55:00Z
5
value 0.00549
scoring_system epss
scoring_elements 0.67941
published_at 2026-04-09T12:55:00Z
6
value 0.00549
scoring_system epss
scoring_elements 0.67965
published_at 2026-04-11T12:55:00Z
7
value 0.00549
scoring_system epss
scoring_elements 0.67951
published_at 2026-04-12T12:55:00Z
8
value 0.00549
scoring_system epss
scoring_elements 0.67915
published_at 2026-04-13T12:55:00Z
9
value 0.00549
scoring_system epss
scoring_elements 0.67953
published_at 2026-04-16T12:55:00Z
10
value 0.00549
scoring_system epss
scoring_elements 0.67966
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52551
2
reference_url https://github.com/jenkinsci/pipeline-model-definition-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-model-definition-plugin
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52551
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52551
4
reference_url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:01:46Z/
url https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2326047
reference_id 2326047
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2326047
6
reference_url https://github.com/advisories/GHSA-p2qq-c693-q53w
reference_id GHSA-p2qq-c693-q53w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2qq-c693-q53w
7
reference_url https://access.redhat.com/errata/RHSA-2025:2218
reference_id RHSA-2025:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2218
8
reference_url https://access.redhat.com/errata/RHSA-2025:2219
reference_id RHSA-2025:2219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2219
9
reference_url https://access.redhat.com/errata/RHSA-2025:2220
reference_id RHSA-2025:2220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2220
10
reference_url https://access.redhat.com/errata/RHSA-2025:2221
reference_id RHSA-2025:2221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2221
11
reference_url https://access.redhat.com/errata/RHSA-2025:2222
reference_id RHSA-2025:2222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2222
12
reference_url https://access.redhat.com/errata/RHSA-2025:2223
reference_id RHSA-2025:2223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2223
fixed_packages
aliases CVE-2024-52551, GHSA-p2qq-c693-q53w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufjq-w47y-3qeq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.479.3.1740464433-3%3Farch=el8