Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1?arch=el8

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.14.1706516441-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-17sn-57uv-gkg3

vulnerability_id

VCID-17sn-57uv-gkg3

summary

Jenkins Folders Plugin information disclosure vulnerability
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40338.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40338.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40338

reference_id

reference_type

scores

value	0.00109
scoring_system	epss
scoring_elements	0.29104
published_at	2026-04-21T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29137
published_at	2026-04-07T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29202
published_at	2026-04-12T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29242
published_at	2026-04-09T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29247
published_at	2026-04-11T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29149
published_at	2026-04-13T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29176
published_at	2026-04-16T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29153
published_at	2026-04-18T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29275
published_at	2026-04-02T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29325
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40338

reference_url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109

reference_url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232426
reference_id	2232426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232426

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40338

reference_id

CVE-2023-40338

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40338

reference_url

https://github.com/advisories/GHSA-36hq-v2fc-rpqp

reference_id

GHSA-36hq-v2fc-rpqp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36hq-v2fc-rpqp

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-40338, GHSA-36hq-v2fc-rpqp

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-17sn-57uv-gkg3

url

VCID-19j2-jvgt-mkg6

vulnerability_id

VCID-19j2-jvgt-mkg6

summary

Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40336.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40336.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40336

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30317
published_at	2026-04-21T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.3036
published_at	2026-04-18T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30379
published_at	2026-04-16T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30362
published_at	2026-04-13T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.3041
published_at	2026-04-12T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30357
published_at	2026-04-07T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30417
published_at	2026-04-08T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.305
published_at	2026-04-02T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30455
published_at	2026-04-11T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30452
published_at	2026-04-09T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30546
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40336

reference_url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:32:33Z/

url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106

reference_url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:32:33Z/

url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232424
reference_id	2232424
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232424

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40336

reference_id

CVE-2023-40336

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40336

reference_url

https://github.com/advisories/GHSA-4vqp-pcm3-73xp

reference_id

GHSA-4vqp-pcm3-73xp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4vqp-pcm3-73xp

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

fixed_packages

aliases

CVE-2023-40336, GHSA-4vqp-pcm3-73xp

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-19j2-jvgt-mkg6

url

VCID-2a3h-6wad-63gc

vulnerability_id

VCID-2a3h-6wad-63gc

summary

URL Redirection to Untrusted Site ('Open Redirect')
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37947.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37947.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37947

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24176
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24139
published_at	2026-04-02T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.2804
published_at	2026-04-18T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28031
published_at	2026-04-07T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28098
published_at	2026-04-08T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28141
published_at	2026-04-09T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28148
published_at	2026-04-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28104
published_at	2026-04-12T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28047
published_at	2026-04-13T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28057
published_at	2026-04-16T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27994
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37947

reference_url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:56:27Z/

url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999

reference_url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:56:27Z/

url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2222710
reference_id	2222710
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2222710

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-37947

reference_id

CVE-2023-37947

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-37947

reference_url

https://github.com/advisories/GHSA-35gf-xjgf-96c5

reference_id

GHSA-35gf-xjgf-96c5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-35gf-xjgf-96c5

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-37947, GHSA-35gf-xjgf-96c5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2a3h-6wad-63gc

url

VCID-5bu5-5b6n-nuft

vulnerability_id

VCID-5bu5-5b6n-nuft

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24422

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07636
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07494
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07507
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07582
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07595
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07607
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0753
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07548
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07589
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07508
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07609
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24422

reference_url

https://github.com/jenkinsci/script-security-plugin

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/script-security-plugin

reference_url

https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73

reference_url

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/

url

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164278
reference_id	2164278
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164278

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24422

reference_id

CVE-2023-24422

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24422

reference_url

https://github.com/advisories/GHSA-76qj-9gwh-pvv3

reference_id

GHSA-76qj-9gwh-pvv3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76qj-9gwh-pvv3

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-24422, GHSA-76qj-9gwh-pvv3

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft

url

VCID-955x-hg4a-5kc3

vulnerability_id

VCID-955x-hg4a-5kc3

summary

Session Fixation
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37946

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23881
published_at	2026-04-02T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23922
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27816
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27749
published_at	2026-04-21T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27799
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27866
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27908
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27909
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27867
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27809
published_at	2026-04-13T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27793
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37946

reference_url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/

url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998

reference_url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/

url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2222709
reference_id	2222709
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2222709

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-37946

reference_id

CVE-2023-37946

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-37946

reference_url

https://github.com/advisories/GHSA-rwg5-2pv9-633w

reference_id

GHSA-rwg5-2pv9-633w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rwg5-2pv9-633w

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

fixed_packages

aliases

CVE-2023-37946, GHSA-rwg5-2pv9-633w

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-955x-hg4a-5kc3

url

VCID-a1eu-yahc-ffgr

vulnerability_id

VCID-a1eu-yahc-ffgr

summary

Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40337.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40337

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19233
published_at	2026-04-18T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19234
published_at	2026-04-07T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19311
published_at	2026-04-08T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19363
published_at	2026-04-09T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19366
published_at	2026-04-11T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19317
published_at	2026-04-12T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19262
published_at	2026-04-13T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19224
published_at	2026-04-16T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19469
published_at	2026-04-02T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19247
published_at	2026-04-21T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19517
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40337

reference_url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:51:52Z/

url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105

reference_url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:51:52Z/

url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232425
reference_id	2232425
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232425

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40337

reference_id

CVE-2023-40337

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40337

reference_url

https://github.com/advisories/GHSA-22c3-whjv-hrfm

reference_id

GHSA-22c3-whjv-hrfm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-22c3-whjv-hrfm

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-40337, GHSA-22c3-whjv-hrfm

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-a1eu-yahc-ffgr

url

VCID-fnpa-1sqy-u7hw

vulnerability_id

VCID-fnpa-1sqy-u7hw

summary

Guava vulnerable to insecure use of temporary directory
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2976.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2976.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2976

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20171
published_at	2026-04-21T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20326
published_at	2026-04-02T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20385
published_at	2026-04-04T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20109
published_at	2026-04-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20189
published_at	2026-04-08T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20247
published_at	2026-04-09T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20271
published_at	2026-04-11T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20227
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20166
published_at	2026-04-13T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20159
published_at	2026-04-16T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20163
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2976

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/google/guava

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava

reference_url

https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284

reference_url

https://github.com/google/guava/issues/2575

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://github.com/google/guava/issues/2575

reference_url

https://github.com/google/guava/issues/6532

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/issues/6532

reference_url

https://github.com/google/guava/releases/tag/v32.0.0

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/releases/tag/v32.0.0

reference_url

https://security.netapp.com/advisory/ntap-20230818-0008

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0008

reference_url

https://security.netapp.com/advisory/ntap-20241108-0002

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241108-0002

reference_url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038979
reference_id	1038979
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038979

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215229
reference_id	2215229
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215229

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-2976

reference_id

CVE-2023-2976

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-2976

reference_url

https://github.com/advisories/GHSA-7g45-4rm6-3mm3

reference_id

GHSA-7g45-4rm6-3mm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g45-4rm6-3mm3

reference_url

https://security.netapp.com/advisory/ntap-20230818-0008/

reference_id

ntap-20230818-0008

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://security.netapp.com/advisory/ntap-20230818-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:5165
reference_id	RHSA-2023:5165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5165

reference_url	https://access.redhat.com/errata/RHSA-2023:5491
reference_id	RHSA-2023:5491
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5491

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:1027
reference_id	RHSA-2024:1027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1027

fixed_packages

aliases

CVE-2023-2976, GHSA-7g45-4rm6-3mm3

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fnpa-1sqy-u7hw

url

VCID-h9yg-u3jh-mbfq

vulnerability_id

VCID-h9yg-u3jh-mbfq

summary

Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40339.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40339.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40339

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48451
published_at	2026-04-21T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-13T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48494
published_at	2026-04-18T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48498
published_at	2026-04-16T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48436
published_at	2026-04-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48389
published_at	2026-04-07T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48444
published_at	2026-04-08T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48438
published_at	2026-04-09T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48461
published_at	2026-04-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48414
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40339

reference_url

https://github.com/jenkinsci/config-file-provider-plugin/commit/0432a802e4d2e4eedfe88f7eb8593f85d1bd69d3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/config-file-provider-plugin/commit/0432a802e4d2e4eedfe88f7eb8593f85d1bd69d3

reference_url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:42:10Z/

url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090

reference_url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T17:42:10Z/

url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232423
reference_id	2232423
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232423

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40339

reference_id

CVE-2023-40339

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40339

reference_url

https://github.com/advisories/GHSA-pv2g-vm98-vjxf

reference_id

GHSA-pv2g-vm98-vjxf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pv2g-vm98-vjxf

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-40339, GHSA-pv2g-vm98-vjxf

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-h9yg-u3jh-mbfq

url

VCID-j456-xdn6-xyej

vulnerability_id

VCID-j456-xdn6-xyej

summary

Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40341.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40341.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40341

reference_id

reference_type

scores

value	0.00432
scoring_system	epss
scoring_elements	0.62698
published_at	2026-04-18T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62632
published_at	2026-04-04T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62598
published_at	2026-04-07T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62648
published_at	2026-04-13T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62664
published_at	2026-04-09T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62683
published_at	2026-04-11T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62671
published_at	2026-04-12T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62689
published_at	2026-04-16T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.626
published_at	2026-04-02T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62679
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40341

reference_url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:31:59Z/

url

https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116

reference_url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:31:59Z/

url

http://www.openwall.com/lists/oss-security/2023/08/16/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232422
reference_id	2232422
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232422

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40341

reference_id

CVE-2023-40341

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40341

reference_url

https://github.com/advisories/GHSA-g4pq-p927-7pgg

reference_id

GHSA-g4pq-p927-7pgg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4pq-p927-7pgg

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-40341, GHSA-g4pq-p927-7pgg

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j456-xdn6-xyej

url

VCID-j584-bgww-z7fw

vulnerability_id

VCID-j584-bgww-z7fw

summary

Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29599

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57273
published_at	2026-04-21T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60813
published_at	2026-04-08T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60865
published_at	2026-04-18T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.6086
published_at	2026-04-16T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60817
published_at	2026-04-13T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60836
published_at	2026-04-12T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60849
published_at	2026-04-11T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.6077
published_at	2026-04-02T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.608
published_at	2026-04-04T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60764
published_at	2026-04-07T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60828
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/maven-shared-utils

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven-shared-utils

reference_url

https://github.com/apache/maven-shared-utils/pull/40

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven-shared-utils/pull/40

reference_url

https://issues.apache.org/jira/browse/MSHARED-297

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/MSHARED-297

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29599

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29599

reference_url

https://www.debian.org/security/2022/dsa-5242

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5242

reference_url

http://www.openwall.com/lists/oss-security/2022/05/23/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/23/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
reference_id	1012314
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2066479
reference_id	2066479
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2066479

reference_url

https://security.archlinux.org/AVG-2736

reference_id

AVG-2736

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2736

reference_url

https://github.com/advisories/GHSA-rhgr-952r-6p8q

reference_id

GHSA-rhgr-952r-6p8q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhgr-952r-6p8q

reference_url	https://access.redhat.com/errata/RHSA-2022:1541
reference_id	RHSA-2022:1541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1541

reference_url	https://access.redhat.com/errata/RHSA-2022:1662
reference_id	RHSA-2022:1662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1662

reference_url	https://access.redhat.com/errata/RHSA-2022:4699
reference_id	RHSA-2022:4699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4699

reference_url	https://access.redhat.com/errata/RHSA-2022:4797
reference_id	RHSA-2022:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4797

reference_url	https://access.redhat.com/errata/RHSA-2022:4798
reference_id	RHSA-2022:4798
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4798

reference_url	https://access.redhat.com/errata/RHSA-2022:9098
reference_id	RHSA-2022:9098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9098

reference_url	https://access.redhat.com/errata/RHSA-2023:0573
reference_id	RHSA-2023:0573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0573

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3622
reference_id	RHSA-2023:3622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3622

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://usn.ubuntu.com/6730-1/
reference_id	USN-6730-1
reference_type
scores
url	https://usn.ubuntu.com/6730-1/

fixed_packages

aliases

CVE-2022-29599, GHSA-rhgr-952r-6p8q

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j584-bgww-z7fw

url

VCID-j986-mtma-b3bw

vulnerability_id

VCID-j986-mtma-b3bw

summary

Arbitrary code execution in Apache Commons Text
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

references

reference_url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_id

reference_type

scores

value	0.94251
scoring_system	epss
scoring_elements	0.99931
published_at	2026-04-18T12:55:00Z

value	0.94251
scoring_system	epss
scoring_elements	0.99932
published_at	2026-04-21T12:55:00Z

value	0.94251
scoring_system	epss
scoring_elements	0.9993
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_url

https://arxiv.org/pdf/2306.05534

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arxiv.org/pdf/2306.05534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

reference_url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/commons-text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/commons-text

reference_url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_url

https://security.gentoo.org/glsa/202301-05

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.gentoo.org/glsa/202301-05

reference_url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
reference_id	1021787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435
reference_id	2135435
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
reference_id	CVE-2022-42889
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py

reference_url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_id

GHSA-599f-7c49-w659

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2022:8902
reference_id	RHSA-2022:8902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8902

reference_url	https://access.redhat.com/errata/RHSA-2022:9023
reference_id	RHSA-2022:9023
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9023

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:0469
reference_id	RHSA-2023:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0469

reference_url	https://access.redhat.com/errata/RHSA-2023:1006
reference_id	RHSA-2023:1006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1006

reference_url	https://access.redhat.com/errata/RHSA-2023:1524
reference_id	RHSA-2023:1524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1524

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

aliases

CVE-2022-42889, GHSA-599f-7c49-w659

risk_score

10.0

exploitability

2.0

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw

url

VCID-mm3e-4pej-byed

vulnerability_id

VCID-mm3e-4pej-byed

summary

Uncontrolled Resource Consumption in snakeyaml
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25857

reference_id

reference_type

scores

value	0.00869
scoring_system	epss
scoring_elements	0.75206
published_at	2026-04-21T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75173
published_at	2026-04-13T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75216
published_at	2026-04-18T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.7521
published_at	2026-04-16T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75207
published_at	2026-04-11T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75185
published_at	2026-04-12T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75132
published_at	2026-04-02T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75162
published_at	2026-04-04T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75139
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25857

reference_url

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174

reference_url

https://bitbucket.org/snakeyaml/snakeyaml/issues/525

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/snakeyaml/snakeyaml/issues/525

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/jruby/jruby/issues/7342

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/jruby/jruby/issues/7342

reference_url

https://github.com/snakeyaml/snakeyaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/snakeyaml/snakeyaml

reference_url

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

reference_url

https://security.netapp.com/advisory/ntap-20240315-0010

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240315-0010

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218
reference_id	1019218
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2126789
reference_id	2126789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2126789

reference_url

https://github.com/advisories/GHSA-3mc7-4q67-w48m

reference_id

GHSA-3mc7-4q67-w48m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3mc7-4q67-w48m

reference_url	https://access.redhat.com/errata/RHSA-2022:6757
reference_id	RHSA-2022:6757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6757

reference_url	https://access.redhat.com/errata/RHSA-2022:6820
reference_id	RHSA-2022:6820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6820

reference_url	https://access.redhat.com/errata/RHSA-2022:6821
reference_id	RHSA-2022:6821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6821

reference_url	https://access.redhat.com/errata/RHSA-2022:6822
reference_id	RHSA-2022:6822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6822

reference_url	https://access.redhat.com/errata/RHSA-2022:6823
reference_id	RHSA-2022:6823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6823

reference_url	https://access.redhat.com/errata/RHSA-2022:6825
reference_id	RHSA-2022:6825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6825

reference_url	https://access.redhat.com/errata/RHSA-2022:6835
reference_id	RHSA-2022:6835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6835

reference_url	https://access.redhat.com/errata/RHSA-2022:6941
reference_id	RHSA-2022:6941
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6941

reference_url	https://access.redhat.com/errata/RHSA-2022:8524
reference_id	RHSA-2022:8524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8524

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2023:0560
reference_id	RHSA-2023:0560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0560

reference_url	https://access.redhat.com/errata/RHSA-2023:0777
reference_id	RHSA-2023:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0777

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2023:4983
reference_id	RHSA-2023:4983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4983

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2023:7697
reference_id	RHSA-2023:7697
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7697

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:4437
reference_id	RHSA-2025:4437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4437

reference_url	https://usn.ubuntu.com/5944-1/
reference_id	USN-5944-1
reference_type
scores
url	https://usn.ubuntu.com/5944-1/

fixed_packages

aliases

CVE-2022-25857, GHSA-3mc7-4q67-w48m

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-mm3e-4pej-byed

url

VCID-quvj-3tpk-qug1

vulnerability_id

VCID-quvj-3tpk-qug1

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25761

reference_id

reference_type

scores

value	0.0175
scoring_system	epss
scoring_elements	0.82597
published_at	2026-04-21T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82562
published_at	2026-04-12T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82593
published_at	2026-04-18T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82557
published_at	2026-04-13T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82521
published_at	2026-04-04T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82517
published_at	2026-04-07T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82543
published_at	2026-04-08T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82551
published_at	2026-04-09T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82569
published_at	2026-04-11T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82503
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25761

reference_url

https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02

reference_url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/

url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032

reference_url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/

url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170039
reference_id	2170039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170039

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25761

reference_id

CVE-2023-25761

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25761

reference_url

https://github.com/advisories/GHSA-ph74-8rgx-64c5

reference_id

GHSA-ph74-8rgx-64c5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ph74-8rgx-64c5

reference_url	https://access.redhat.com/errata/RHSA-2023:1866
reference_id	RHSA-2023:1866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1866

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-25761, GHSA-ph74-8rgx-64c5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-quvj-3tpk-qug1

url

VCID-w8yc-azv8-yuh1

vulnerability_id

VCID-w8yc-azv8-yuh1

summary

False Positive
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35116.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-35116

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03269
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03279
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03288
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03294
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03315
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03749
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03727
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.037
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03678
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03689
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03811
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-35116

reference_url	https://github.com/FasterXML/jackson-databind/issues/3972
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/3972

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215214
reference_id	2215214
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215214

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-35116
reference_id	CVE-2023-35116
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-35116

reference_url	https://access.redhat.com/errata/RHSA-2024:0719
reference_id	RHSA-2024:0719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0719

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:1027
reference_id	RHSA-2024:1027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1027

reference_url	https://access.redhat.com/errata/RHSA-2024:6893
reference_id	RHSA-2024:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6893

fixed_packages

aliases

CVE-2023-35116

risk_score

2.1

exploitability

0.5

weighted_severity

4.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-w8yc-azv8-yuh1

url

VCID-zxcj-h6nx-m7gq

vulnerability_id

VCID-zxcj-h6nx-m7gq

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25762

reference_id

reference_type

scores

value	0.6532
scoring_system	epss
scoring_elements	0.98493
published_at	2026-04-21T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98492
published_at	2026-04-18T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98485
published_at	2026-04-13T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98486
published_at	2026-04-11T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98483
published_at	2026-04-09T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98482
published_at	2026-04-08T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98478
published_at	2026-04-07T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98477
published_at	2026-04-04T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98474
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25762

reference_url

https://github.com/jenkinsci/pipeline-build-step-plugin

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-build-step-plugin

reference_url

https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92

reference_url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/

url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019

reference_url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/

url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170041
reference_id	2170041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170041

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25762

reference_id

CVE-2023-25762

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25762

reference_url

https://github.com/advisories/GHSA-9j65-3f2q-8q2r

reference_id

GHSA-9j65-3f2q-8q2r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9j65-3f2q-8q2r

reference_url	https://access.redhat.com/errata/RHSA-2023:1866
reference_id	RHSA-2023:1866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1866

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-25762, GHSA-9j65-3f2q-8q2r

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcj-h6nx-m7gq

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1%3Farch=el8

Package Instance