Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/96099?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/96099?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1?arch=el8", "type": "rpm", "namespace": "redhat", "name": "jenkins-2-plugins", "version": "4.12.1686649756-1", "qualifiers": { "arch": "el8" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15957?format=api", "vulnerability_id": "VCID-4qvq-xv22-xbed", "summary": "Missing Authorization\nJenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41654", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41728", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41826", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41777", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41823", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4174", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41577", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41655", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30954" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57" }, { "reference_url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/17/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", "reference_id": "2119647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", "reference_id": "CVE-2022-30954", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954" }, { "reference_url": "https://github.com/advisories/GHSA-5m4q-x28v-q6wp", "reference_id": "GHSA-5m4q-x28v-q6wp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m4q-x28v-q6wp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0017", "reference_id": "RHSA-2023:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0560", "reference_id": "RHSA-2023:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0777", "reference_id": "RHSA-2023:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3622", "reference_id": "RHSA-2023:3622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30954", "GHSA-5m4q-x28v-q6wp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qvq-xv22-xbed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16213?format=api", "vulnerability_id": "VCID-5bu5-5b6n-nuft", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07526", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07607", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07582", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07507", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07559", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24422" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278", "reference_id": "2164278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "reference_id": "CVE-2023-24422", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "reference_url": "https://github.com/advisories/GHSA-76qj-9gwh-pvv3", "reference_id": "GHSA-76qj-9gwh-pvv3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76qj-9gwh-pvv3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1655", "reference_id": "RHSA-2023:1655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3195", "reference_id": "RHSA-2023:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "fixed_packages": [], "aliases": [ "CVE-2023-24422", "GHSA-76qj-9gwh-pvv3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16881?format=api", "vulnerability_id": "VCID-7k5m-ys11-mfby", "summary": "json-smart Uncontrolled Recursion vulnerability\nAffected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.\n\nWhen reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the 3PP does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02236", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02246", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02286", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02264", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02254", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02257", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02931", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03044", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02994", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03005", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02923", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370" }, { "reference_url": "https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a" }, { "reference_url": "https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8" }, { "reference_url": "https://github.com/netplex/json-smart-v2/issues/137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netplex/json-smart-v2/issues/137" }, { "reference_url": "https://github.com/oswaldobapvicjr/jsonmerge", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/oswaldobapvicjr/jsonmerge" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474", "reference_id": "1033474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", "reference_id": "2188542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "reference_id": "CVE-2023-1370", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "reference_url": "https://github.com/advisories/GHSA-493p-pfq6-5258", "reference_id": "GHSA-493p-pfq6-5258", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "reference_url": "https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258", "reference_id": "GHSA-493p-pfq6-5258", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2099", "reference_id": "RHSA-2023:2099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2100", "reference_id": "RHSA-2023:2100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3179", "reference_id": "RHSA-2023:3179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3193", "reference_id": "RHSA-2023:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3362", "reference_id": "RHSA-2023:3362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3622", "reference_id": "RHSA-2023:3622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3641", "reference_id": "RHSA-2023:3641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7697", "reference_id": "RHSA-2023:7697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7697" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "reference_id": "stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:09:38Z/" } ], "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" }, { "reference_url": "https://usn.ubuntu.com/6011-1/", "reference_id": "USN-6011-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6011-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-1370", "GHSA-493p-pfq6-5258" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5m-ys11-mfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57925?format=api", "vulnerability_id": "VCID-j584-bgww-z7fw", "summary": "Command injection in Apache Maven maven-shared-utils\nIn Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29599", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57245", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57222", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57225", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60849", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60828", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60813", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.608", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60817", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60865", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.6086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.6077", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60836", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/maven-shared-utils", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/maven-shared-utils" }, { "reference_url": "https://github.com/apache/maven-shared-utils/pull/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "reference_url": "https://issues.apache.org/jira/browse/MSHARED-297", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5242", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5242" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/23/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314", "reference_id": "1012314", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", "reference_id": "2066479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "reference_url": "https://security.archlinux.org/AVG-2736", "reference_id": "AVG-2736", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2736" }, { "reference_url": "https://github.com/advisories/GHSA-rhgr-952r-6p8q", "reference_id": "GHSA-rhgr-952r-6p8q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhgr-952r-6p8q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1541", "reference_id": "RHSA-2022:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1662", "reference_id": "RHSA-2022:1662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4699", "reference_id": "RHSA-2022:4699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4797", "reference_id": "RHSA-2022:4797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4798", "reference_id": "RHSA-2022:4798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9098", "reference_id": "RHSA-2022:9098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0573", "reference_id": "RHSA-2023:0573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3622", "reference_id": "RHSA-2023:3622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "reference_url": "https://usn.ubuntu.com/6730-1/", "reference_id": "USN-6730-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6730-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-29599", "GHSA-rhgr-952r-6p8q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j584-bgww-z7fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52409?format=api", "vulnerability_id": "VCID-myp4-24sf-9yfv", "summary": "Jettison memory exhaustion\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20115", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20272", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20343", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2043", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20358", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20493", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20276", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21086", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40150" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jettison-json/jettison", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jettison-json/jettison" }, { "reference_url": "https://github.com/jettison-json/jettison/issues/45", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/" } ], "url": "https://github.com/jettison-json/jettison/issues/45" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5312", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5312" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553", "reference_id": "1022553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", "reference_id": "2135770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "reference_url": "https://github.com/advisories/GHSA-x27m-9w8j-5vcw", "reference_id": "GHSA-x27m-9w8j-5vcw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x27m-9w8j-5vcw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0469", "reference_id": "RHSA-2023:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2100", "reference_id": "RHSA-2023:2100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4437", "reference_id": "RHSA-2025:4437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4437" }, { "reference_url": "https://usn.ubuntu.com/6177-1/", "reference_id": "USN-6177-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6177-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-40150", "GHSA-x27m-9w8j-5vcw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myp4-24sf-9yfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52395?format=api", "vulnerability_id": "VCID-sqx4-euc2-myew", "summary": "Jettison parser crash by stackoverflow\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67899", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67974", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67977", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6799", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67972", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68024", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40149" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693" }, { "reference_url": "https://github.com/jettison-json/jettison", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jettison-json/jettison" }, { "reference_url": "https://github.com/jettison-json/jettison/issues/45", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/" } ], "url": "https://github.com/jettison-json/jettison/issues/45" }, { "reference_url": "https://github.com/jettison-json/jettison/pull/49/files", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jettison-json/jettison/pull/49/files" }, { "reference_url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5312", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5312" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554", "reference_id": "1022554", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", "reference_id": "2135771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "reference_id": "CVE-2022-40149", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "reference_url": "https://github.com/advisories/GHSA-56h3-78gp-v83r", "reference_id": "GHSA-56h3-78gp-v83r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-56h3-78gp-v83r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0469", "reference_id": "RHSA-2023:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0544", "reference_id": "RHSA-2023:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4437", "reference_id": "RHSA-2025:4437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4437" }, { "reference_url": "https://usn.ubuntu.com/6177-1/", "reference_id": "USN-6177-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6177-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-40149", "GHSA-56h3-78gp-v83r" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqx4-euc2-myew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17609?format=api", "vulnerability_id": "VCID-v9jp-s75d-zffs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nJenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87998", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.8797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87962", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87961", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87991", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87915", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03706", "scoring_system": "epss", "scoring_elements": "0.87928", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32977" }, { "reference_url": "https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:05:56Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", "reference_id": "2207830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", "reference_id": "CVE-2023-32977", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977" }, { "reference_url": "https://github.com/advisories/GHSA-2wvv-phhw-qvmc", "reference_id": "GHSA-2wvv-phhw-qvmc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2wvv-phhw-qvmc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3625", "reference_id": "RHSA-2023:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "fixed_packages": [], "aliases": [ "CVE-2023-32977", "GHSA-2wvv-phhw-qvmc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9jp-s75d-zffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52739?format=api", "vulnerability_id": "VCID-wp9q-eurd-43dx", "summary": "Jettison Out-of-bounds Write vulnerability\nJettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32607", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32645", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3359", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33676", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34107", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3412", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jettison-json/jettison", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jettison-json/jettison" }, { "reference_url": "https://github.com/jettison-json/jettison/issues/52", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/" } ], "url": "https://github.com/jettison-json/jettison/issues/52" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5312", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", "reference_id": "2155970", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "reference_url": "https://github.com/advisories/GHSA-grr4-wv38-f68w", "reference_id": "GHSA-grr4-wv38-f68w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grr4-wv38-f68w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0544", "reference_id": "RHSA-2023:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1027", "reference_id": "RHSA-2024:1027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1746", "reference_id": "RHSA-2025:1746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1747", "reference_id": "RHSA-2025:1747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1747" }, { "reference_url": "https://usn.ubuntu.com/6177-1/", "reference_id": "USN-6177-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6177-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-45693", "GHSA-grr4-wv38-f68w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp9q-eurd-43dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57525?format=api", "vulnerability_id": "VCID-xq5k-dyk9-u3ct", "summary": "Cross Site Request Forgery in Jenkins Blue Ocean Plugin\nA cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28453", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28782", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28853", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28803", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2875", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28638", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28525", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30953" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953" }, { "reference_url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/17/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", "reference_id": "2119646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "reference_url": "https://github.com/advisories/GHSA-hgpq-42pf-9vfq", "reference_id": "GHSA-hgpq-42pf-9vfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpq-42pf-9vfq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0017", "reference_id": "RHSA-2023:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0560", "reference_id": "RHSA-2023:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0777", "reference_id": "RHSA-2023:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3622", "reference_id": "RHSA-2023:3622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30953", "GHSA-hgpq-42pf-9vfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xq5k-dyk9-u3ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17646?format=api", "vulnerability_id": "VCID-yph7-zq7p-j3hz", "summary": "Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability\nAn arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77497", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77462", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01044", "scoring_system": "epss", "scoring_elements": "0.77452", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.84854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.84876", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.84874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02338", "scoring_system": "epss", "scoring_elements": "0.849", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32981" }, { "reference_url": "https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-23T20:48:10Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", "reference_id": "2207835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", "reference_id": "CVE-2023-32981", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981" }, { "reference_url": "https://github.com/advisories/GHSA-6987-xccv-fhjp", "reference_id": "GHSA-6987-xccv-fhjp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6987-xccv-fhjp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3625", "reference_id": "RHSA-2023:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "fixed_packages": [], "aliases": [ "CVE-2023-32981", "GHSA-6987-xccv-fhjp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yph7-zq7p-j3hz" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1%3Farch=el8" }