Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1685679861-1?arch=el8

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.10.1685679861-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-bv8m-gtj8-d3eq

vulnerability_id

VCID-bv8m-gtj8-d3eq

summary

Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32980.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32980.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32980

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22152
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22302
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22358
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22352
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.2214
published_at	2026-04-26T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22342
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2704
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27143
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2718
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26971
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27085
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27088
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27044
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32980

reference_url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(2)

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:02:33Z/

url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(2)

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2207833
reference_id	2207833
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2207833

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32980

reference_id

CVE-2023-32980

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32980

reference_url

https://github.com/advisories/GHSA-2f89-66v2-9p53

reference_id

GHSA-2f89-66v2-9p53

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2f89-66v2-9p53

reference_url	https://access.redhat.com/errata/RHSA-2023:3625
reference_id	RHSA-2023:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3625

fixed_packages

aliases

CVE-2023-32980, GHSA-2f89-66v2-9p53

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-bv8m-gtj8-d3eq

url

VCID-v9jp-s75d-zffs

vulnerability_id

VCID-v9jp-s75d-zffs

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32977

reference_id

reference_type

scores

value	0.03706
scoring_system	epss
scoring_elements	0.87998
published_at	2026-04-26T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87932
published_at	2026-04-07T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87952
published_at	2026-04-08T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87959
published_at	2026-04-09T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.8797
published_at	2026-04-11T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87962
published_at	2026-04-12T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87961
published_at	2026-04-13T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87975
published_at	2026-04-18T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87974
published_at	2026-04-21T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87991
published_at	2026-04-24T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87915
published_at	2026-04-02T12:55:00Z

value	0.03706
scoring_system	epss
scoring_elements	0.87928
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32977

reference_url

https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821

reference_url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:05:56Z/

url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2207830
reference_id	2207830
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2207830

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32977

reference_id

CVE-2023-32977

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32977

reference_url

https://github.com/advisories/GHSA-2wvv-phhw-qvmc

reference_id

GHSA-2wvv-phhw-qvmc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2wvv-phhw-qvmc

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3625
reference_id	RHSA-2023:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3625

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

fixed_packages

aliases

CVE-2023-32977, GHSA-2wvv-phhw-qvmc

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-v9jp-s75d-zffs

url

VCID-vjar-udts-v7cg

vulnerability_id

VCID-vjar-udts-v7cg

summary

Jenkins Email Extension Plugin missing permission check
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32979

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.17635
published_at	2026-04-24T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17726
published_at	2026-04-21T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17677
published_at	2026-04-16T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17686
published_at	2026-04-18T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17612
published_at	2026-04-26T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17731
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22269
published_at	2026-04-08T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22356
published_at	2026-04-02T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.224
published_at	2026-04-04T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22185
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22323
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22343
published_at	2026-04-11T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22302
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32979

reference_url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:03:36Z/

url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2207831
reference_id	2207831
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2207831

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32979

reference_id

CVE-2023-32979

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32979

reference_url

https://github.com/advisories/GHSA-6gp4-2f92-j2w5

reference_id

GHSA-6gp4-2f92-j2w5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6gp4-2f92-j2w5

reference_url	https://access.redhat.com/errata/RHSA-2023:3625
reference_id	RHSA-2023:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3625

fixed_packages

aliases

CVE-2023-32979, GHSA-6gp4-2f92-j2w5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vjar-udts-v7cg

url

VCID-yph7-zq7p-j3hz

vulnerability_id

VCID-yph7-zq7p-j3hz

summary

Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32981

reference_id

reference_type

scores

value	0.01044
scoring_system	epss
scoring_elements	0.77478
published_at	2026-04-12T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77497
published_at	2026-04-11T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77471
published_at	2026-04-09T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77462
published_at	2026-04-08T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77432
published_at	2026-04-07T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77427
published_at	2026-04-02T12:55:00Z

value	0.01044
scoring_system	epss
scoring_elements	0.77452
published_at	2026-04-04T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.8491
published_at	2026-04-26T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.84854
published_at	2026-04-13T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.84876
published_at	2026-04-16T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.84877
published_at	2026-04-18T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.84874
published_at	2026-04-21T12:55:00Z

value	0.02338
scoring_system	epss
scoring_elements	0.849
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32981

reference_url

https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11

reference_url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-23T20:48:10Z/

url

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2207835
reference_id	2207835
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2207835

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32981

reference_id

CVE-2023-32981

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32981

reference_url

https://github.com/advisories/GHSA-6987-xccv-fhjp

reference_id

GHSA-6987-xccv-fhjp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6987-xccv-fhjp

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3625
reference_id	RHSA-2023:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3625

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

fixed_packages

aliases

CVE-2023-32981, GHSA-6987-xccv-fhjp

risk_score

4.0

exploitability

0.5

weighted_severity

7.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-yph7-zq7p-j3hz

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1685679861-1%3Farch=el8

Package Instance