Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.11.1706516946-1?arch=el8
Type rpm
Namespace redhat
Name jenkins-2-plugins
Version 4.11.1706516946-1
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-5bu5-5b6n-nuft
vulnerability_id VCID-5bu5-5b6n-nuft
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07526
published_at 2026-04-29T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.0753
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07589
published_at 2026-04-08T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07609
published_at 2026-04-09T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07607
published_at 2026-04-11T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07595
published_at 2026-04-12T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07582
published_at 2026-04-24T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07507
published_at 2026-04-16T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07494
published_at 2026-04-18T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07636
published_at 2026-04-21T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07559
published_at 2026-04-26T12:55:00Z
11
value 0.00027
scoring_system epss
scoring_elements 0.07508
published_at 2026-04-02T12:55:00Z
12
value 0.00027
scoring_system epss
scoring_elements 0.07548
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
2
reference_url https://github.com/jenkinsci/script-security-plugin
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin
3
reference_url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
4
reference_url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/
url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
reference_id 2164278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
reference_id CVE-2023-24422
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
7
reference_url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
reference_id GHSA-76qj-9gwh-pvv3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
16
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
17
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
18
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
19
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
20
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-24422, GHSA-76qj-9gwh-pvv3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft
1
url VCID-955x-hg4a-5kc3
vulnerability_id VCID-955x-hg4a-5kc3
summary
Session Fixation
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37946
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.23922
published_at 2026-04-04T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23881
published_at 2026-04-02T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27816
published_at 2026-04-16T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27809
published_at 2026-04-13T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.27867
published_at 2026-04-12T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27749
published_at 2026-04-21T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.27909
published_at 2026-04-11T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27799
published_at 2026-04-07T12:55:00Z
8
value 0.00101
scoring_system epss
scoring_elements 0.27908
published_at 2026-04-09T12:55:00Z
9
value 0.00101
scoring_system epss
scoring_elements 0.27866
published_at 2026-04-08T12:55:00Z
10
value 0.00101
scoring_system epss
scoring_elements 0.27793
published_at 2026-04-18T12:55:00Z
11
value 0.00103
scoring_system epss
scoring_elements 0.27858
published_at 2026-04-29T12:55:00Z
12
value 0.00103
scoring_system epss
scoring_elements 0.28047
published_at 2026-04-24T12:55:00Z
13
value 0.00103
scoring_system epss
scoring_elements 0.27935
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37946
2
reference_url https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/
url https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998
3
reference_url http://www.openwall.com/lists/oss-security/2023/07/12/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/
url http://www.openwall.com/lists/oss-security/2023/07/12/2
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2222709
reference_id 2222709
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2222709
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37946
reference_id CVE-2023-37946
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37946
6
reference_url https://github.com/advisories/GHSA-rwg5-2pv9-633w
reference_id GHSA-rwg5-2pv9-633w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwg5-2pv9-633w
7
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
8
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
9
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
fixed_packages
aliases CVE-2023-37946, GHSA-rwg5-2pv9-633w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-955x-hg4a-5kc3
2
url VCID-dmkc-42vj-gbhc
vulnerability_id VCID-dmkc-42vj-gbhc
summary
SnakeYaml Constructor Deserialization Remote Code Execution
### Summary
SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows
any type to be deserialized given the following line:

```java
new Yaml(new Constructor(TestDataClass.class)).load(yamlContent);
```

Types do not have to match the types of properties in the
target class. A `ConstructorException` is thrown, but only after a malicious
payload is deserialized.

### Severity
High: the lack of type checks during deserialization allows remote code execution.

### Proof of Concept
Execute `bash run.sh`. The PoC uses `Constructor` to deserialize a payload
for RCE. RCE is demonstrated by using a payload which performs an HTTP request to
http://127.0.0.1:8000.

Example output of successful run of proof of concept:

```
$ bash run.sh

[+] Downloading snakeyaml if needed
[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE
nc: no process found
[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.
[+] An exception is expected.
Exception:
Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0
 in 'string', line 1, column 1:
    payload: !!javax.script.ScriptEn ... 
    ^
Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager
 in 'string', line 1, column 10:
    payload: !!javax.script.ScriptEngineManag ... 
             ^

	at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)
	at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)
	at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)
	at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)
	at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)
	at org.yaml.snakeyaml.Yaml.load(Yaml.java:416)
	at Main.main(Main.java:37)
Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager
	at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
	at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
	at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)
	at java.base/java.lang.reflect.Field.set(Field.java:780)
	at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)
	at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)
	... 9 more
[+] Dumping Received HTTP Request. Will not be empty if PoC worked
GET /proof-of-concept HTTP/1.1
User-Agent: Java/11.0.14
Host: localhost:8000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
```

### Further Analysis
Potential mitigations include leveraging SnakeYaml's `SafeConstructor` when parsing untrusted content.

See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.

### Timeline
**Date reported**: 4/11/2022
**Date fixed**: [30/12/2022](https://bitbucket.org/snakeyaml/snakeyaml/pull-requests/44)
**Date disclosed**: 10/13/2022
references
0
reference_url http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1471
reference_id
reference_type
scores
0
value 0.93849
scoring_system epss
scoring_elements 0.99868
published_at 2026-04-26T12:55:00Z
1
value 0.93849
scoring_system epss
scoring_elements 0.99867
published_at 2026-04-24T12:55:00Z
2
value 0.93849
scoring_system epss
scoring_elements 0.99866
published_at 2026-04-12T12:55:00Z
3
value 0.93849
scoring_system epss
scoring_elements 0.99864
published_at 2026-04-01T12:55:00Z
4
value 0.93849
scoring_system epss
scoring_elements 0.99865
published_at 2026-04-02T12:55:00Z
5
value 0.94088
scoring_system epss
scoring_elements 0.99907
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1471
3
reference_url https://bitbucket.org/snakeyaml/snakeyaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml
4
reference_url https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758
5
reference_url https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4
6
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
7
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
8
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314
9
reference_url https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471
10
reference_url https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
14
reference_url https://github.com/mbechler/marshalsec
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://github.com/mbechler/marshalsec
15
reference_url https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
16
reference_url https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1471
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1471
18
reference_url https://security.netapp.com/advisory/ntap-20230818-0015
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0015
19
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
20
reference_url https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471
21
reference_url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
22
reference_url http://www.openwall.com/lists/oss-security/2023/11/19/1
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url http://www.openwall.com/lists/oss-security/2023/11/19/1
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2150009
reference_id 2150009
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2150009
24
reference_url https://github.com/advisories/GHSA-mjmj-j48q-9wg2
reference_id GHSA-mjmj-j48q-9wg2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjmj-j48q-9wg2
25
reference_url https://security.netapp.com/advisory/ntap-20230818-0015/
reference_id ntap-20230818-0015
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/
url https://security.netapp.com/advisory/ntap-20230818-0015/
26
reference_url https://access.redhat.com/errata/RHSA-2022:9032
reference_id RHSA-2022:9032
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9032
27
reference_url https://access.redhat.com/errata/RHSA-2022:9058
reference_id RHSA-2022:9058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9058
28
reference_url https://access.redhat.com/errata/RHSA-2023:0697
reference_id RHSA-2023:0697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0697
29
reference_url https://access.redhat.com/errata/RHSA-2023:0758
reference_id RHSA-2023:0758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0758
30
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
31
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
32
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
33
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
34
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
35
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
36
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
37
reference_url https://access.redhat.com/errata/RHSA-2024:0325
reference_id RHSA-2024:0325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0325
38
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
39
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
40
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
aliases CVE-2022-1471, GHSA-mjmj-j48q-9wg2
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmkc-42vj-gbhc
3
url VCID-j584-bgww-z7fw
vulnerability_id VCID-j584-bgww-z7fw
summary
Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29599
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57245
published_at 2026-04-26T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57222
published_at 2026-04-24T12:55:00Z
2
value 0.00346
scoring_system epss
scoring_elements 0.57273
published_at 2026-04-21T12:55:00Z
3
value 0.00346
scoring_system epss
scoring_elements 0.57225
published_at 2026-04-29T12:55:00Z
4
value 0.00402
scoring_system epss
scoring_elements 0.60849
published_at 2026-04-11T12:55:00Z
5
value 0.00402
scoring_system epss
scoring_elements 0.60828
published_at 2026-04-09T12:55:00Z
6
value 0.00402
scoring_system epss
scoring_elements 0.60813
published_at 2026-04-08T12:55:00Z
7
value 0.00402
scoring_system epss
scoring_elements 0.60764
published_at 2026-04-07T12:55:00Z
8
value 0.00402
scoring_system epss
scoring_elements 0.608
published_at 2026-04-04T12:55:00Z
9
value 0.00402
scoring_system epss
scoring_elements 0.60817
published_at 2026-04-13T12:55:00Z
10
value 0.00402
scoring_system epss
scoring_elements 0.60865
published_at 2026-04-18T12:55:00Z
11
value 0.00402
scoring_system epss
scoring_elements 0.6086
published_at 2026-04-16T12:55:00Z
12
value 0.00402
scoring_system epss
scoring_elements 0.6077
published_at 2026-04-02T12:55:00Z
13
value 0.00402
scoring_system epss
scoring_elements 0.60836
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29599
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/maven-shared-utils
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/maven-shared-utils
5
reference_url https://github.com/apache/maven-shared-utils/pull/40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/maven-shared-utils/pull/40
6
reference_url https://issues.apache.org/jira/browse/MSHARED-297
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/MSHARED-297
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29599
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29599
9
reference_url https://www.debian.org/security/2022/dsa-5242
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5242
10
reference_url http://www.openwall.com/lists/oss-security/2022/05/23/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/23/3
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
reference_id 1012314
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2066479
reference_id 2066479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2066479
13
reference_url https://security.archlinux.org/AVG-2736
reference_id AVG-2736
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2736
14
reference_url https://github.com/advisories/GHSA-rhgr-952r-6p8q
reference_id GHSA-rhgr-952r-6p8q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhgr-952r-6p8q
15
reference_url https://access.redhat.com/errata/RHSA-2022:1541
reference_id RHSA-2022:1541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1541
16
reference_url https://access.redhat.com/errata/RHSA-2022:1662
reference_id RHSA-2022:1662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1662
17
reference_url https://access.redhat.com/errata/RHSA-2022:4699
reference_id RHSA-2022:4699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4699
18
reference_url https://access.redhat.com/errata/RHSA-2022:4797
reference_id RHSA-2022:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4797
19
reference_url https://access.redhat.com/errata/RHSA-2022:4798
reference_id RHSA-2022:4798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4798
20
reference_url https://access.redhat.com/errata/RHSA-2022:9098
reference_id RHSA-2022:9098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9098
21
reference_url https://access.redhat.com/errata/RHSA-2023:0573
reference_id RHSA-2023:0573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0573
22
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
23
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
24
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
25
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
26
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
27
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
28
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
29
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
30
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
31
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
32
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
33
reference_url https://usn.ubuntu.com/6730-1/
reference_id USN-6730-1
reference_type
scores
url https://usn.ubuntu.com/6730-1/
fixed_packages
aliases CVE-2022-29599, GHSA-rhgr-952r-6p8q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j584-bgww-z7fw
4
url VCID-j986-mtma-b3bw
vulnerability_id VCID-j986-mtma-b3bw
summary
Arbitrary code execution in Apache Commons Text
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
references
0
reference_url http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html
1
reference_url http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42889
reference_id
reference_type
scores
0
value 0.94251
scoring_system epss
scoring_elements 0.99933
published_at 2026-04-29T12:55:00Z
1
value 0.94251
scoring_system epss
scoring_elements 0.99932
published_at 2026-04-26T12:55:00Z
2
value 0.94251
scoring_system epss
scoring_elements 0.99931
published_at 2026-04-18T12:55:00Z
3
value 0.94251
scoring_system epss
scoring_elements 0.9993
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42889
4
reference_url https://arxiv.org/pdf/2306.05534
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://arxiv.org/pdf/2306.05534
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
6
reference_url http://seclists.org/fulldisclosure/2023/Feb/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://seclists.org/fulldisclosure/2023/Feb/3
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/apache/commons-text
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-text
9
reference_url https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42889
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42889
11
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022
12
reference_url https://security.gentoo.org/glsa/202301-05
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://security.gentoo.org/glsa/202301-05
13
reference_url https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text
14
reference_url https://security.netapp.com/advisory/ntap-20221020-0004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221020-0004
15
reference_url https://security.netapp.com/advisory/ntap-20221020-0004/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://security.netapp.com/advisory/ntap-20221020-0004/
16
reference_url http://www.openwall.com/lists/oss-security/2022/10/13/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://www.openwall.com/lists/oss-security/2022/10/13/4
17
reference_url http://www.openwall.com/lists/oss-security/2022/10/18/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://www.openwall.com/lists/oss-security/2022/10/18/1
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
reference_id 1021787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135435
reference_id 2135435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135435
20
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
reference_id CVE-2022-42889
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
21
reference_url https://github.com/advisories/GHSA-599f-7c49-w659
reference_id GHSA-599f-7c49-w659
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-599f-7c49-w659
22
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
23
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
24
reference_url https://access.redhat.com/errata/RHSA-2022:8902
reference_id RHSA-2022:8902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8902
25
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
26
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
27
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
28
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
29
reference_url https://access.redhat.com/errata/RHSA-2023:1524
reference_id RHSA-2023:1524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1524
30
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
31
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
32
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
33
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
34
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
35
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
36
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
37
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
38
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
39
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
40
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
41
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
42
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
43
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
44
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
aliases CVE-2022-42889, GHSA-599f-7c49-w659
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw
5
url VCID-quvj-3tpk-qug1
vulnerability_id VCID-quvj-3tpk-qug1
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25761
reference_id
reference_type
scores
0
value 0.0175
scoring_system epss
scoring_elements 0.82628
published_at 2026-04-26T12:55:00Z
1
value 0.0175
scoring_system epss
scoring_elements 0.82517
published_at 2026-04-07T12:55:00Z
2
value 0.0175
scoring_system epss
scoring_elements 0.82543
published_at 2026-04-08T12:55:00Z
3
value 0.0175
scoring_system epss
scoring_elements 0.82551
published_at 2026-04-09T12:55:00Z
4
value 0.0175
scoring_system epss
scoring_elements 0.82569
published_at 2026-04-11T12:55:00Z
5
value 0.0175
scoring_system epss
scoring_elements 0.82562
published_at 2026-04-12T12:55:00Z
6
value 0.0175
scoring_system epss
scoring_elements 0.82557
published_at 2026-04-13T12:55:00Z
7
value 0.0175
scoring_system epss
scoring_elements 0.82593
published_at 2026-04-18T12:55:00Z
8
value 0.0175
scoring_system epss
scoring_elements 0.82597
published_at 2026-04-21T12:55:00Z
9
value 0.0175
scoring_system epss
scoring_elements 0.82618
published_at 2026-04-24T12:55:00Z
10
value 0.0175
scoring_system epss
scoring_elements 0.82503
published_at 2026-04-02T12:55:00Z
11
value 0.0175
scoring_system epss
scoring_elements 0.82635
published_at 2026-04-29T12:55:00Z
12
value 0.0175
scoring_system epss
scoring_elements 0.82521
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25761
2
reference_url https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
3
reference_url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/
url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
4
reference_url http://www.openwall.com/lists/oss-security/2023/02/15/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/
url http://www.openwall.com/lists/oss-security/2023/02/15/4
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170039
reference_id 2170039
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170039
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25761
reference_id CVE-2023-25761
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25761
7
reference_url https://github.com/advisories/GHSA-ph74-8rgx-64c5
reference_id GHSA-ph74-8rgx-64c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph74-8rgx-64c5
8
reference_url https://access.redhat.com/errata/RHSA-2023:1866
reference_id RHSA-2023:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1866
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
13
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
14
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
15
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
18
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
19
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-25761, GHSA-ph74-8rgx-64c5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quvj-3tpk-qug1
6
url VCID-zxcj-h6nx-m7gq
vulnerability_id VCID-zxcj-h6nx-m7gq
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25762
reference_id
reference_type
scores
0
value 0.6532
scoring_system epss
scoring_elements 0.98496
published_at 2026-04-29T12:55:00Z
1
value 0.6532
scoring_system epss
scoring_elements 0.98474
published_at 2026-04-02T12:55:00Z
2
value 0.6532
scoring_system epss
scoring_elements 0.98477
published_at 2026-04-04T12:55:00Z
3
value 0.6532
scoring_system epss
scoring_elements 0.98478
published_at 2026-04-07T12:55:00Z
4
value 0.6532
scoring_system epss
scoring_elements 0.98482
published_at 2026-04-08T12:55:00Z
5
value 0.6532
scoring_system epss
scoring_elements 0.98483
published_at 2026-04-09T12:55:00Z
6
value 0.6532
scoring_system epss
scoring_elements 0.98486
published_at 2026-04-11T12:55:00Z
7
value 0.6532
scoring_system epss
scoring_elements 0.98485
published_at 2026-04-13T12:55:00Z
8
value 0.6532
scoring_system epss
scoring_elements 0.98492
published_at 2026-04-18T12:55:00Z
9
value 0.6532
scoring_system epss
scoring_elements 0.98493
published_at 2026-04-21T12:55:00Z
10
value 0.6532
scoring_system epss
scoring_elements 0.98497
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25762
2
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin
3
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92
4
reference_url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/
url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019
5
reference_url http://www.openwall.com/lists/oss-security/2023/02/15/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/
url http://www.openwall.com/lists/oss-security/2023/02/15/4
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170041
reference_id 2170041
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170041
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25762
reference_id CVE-2023-25762
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25762
8
reference_url https://github.com/advisories/GHSA-9j65-3f2q-8q2r
reference_id GHSA-9j65-3f2q-8q2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9j65-3f2q-8q2r
9
reference_url https://access.redhat.com/errata/RHSA-2023:1866
reference_id RHSA-2023:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1866
10
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
11
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
12
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
16
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
17
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
18
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
19
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
20
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-25762, GHSA-9j65-3f2q-8q2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcj-h6nx-m7gq
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1706516946-1%3Farch=el8