Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins-2-plugins@4.12.1683009955-1?arch=el8
Typerpm
Namespaceredhat
Namejenkins-2-plugins
Version4.12.1683009955-1
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-5bu5-5b6n-nuft
vulnerability_id VCID-5bu5-5b6n-nuft
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07636
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07494
published_at 2026-04-18T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07507
published_at 2026-04-16T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07582
published_at 2026-04-13T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07595
published_at 2026-04-12T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07607
published_at 2026-04-11T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0753
published_at 2026-04-07T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07548
published_at 2026-04-04T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07589
published_at 2026-04-08T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07508
published_at 2026-04-02T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07609
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
2
reference_url https://github.com/jenkinsci/script-security-plugin
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin
3
reference_url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
4
reference_url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/
url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
reference_id 2164278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
reference_id CVE-2023-24422
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
7
reference_url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
reference_id GHSA-76qj-9gwh-pvv3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
16
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
17
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
18
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
19
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
20
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-24422, GHSA-76qj-9gwh-pvv3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft
1
url VCID-j986-mtma-b3bw
vulnerability_id VCID-j986-mtma-b3bw
summary 
Arbitrary code execution in Apache Commons Text
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
references
0
reference_url http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html
1
reference_url http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42889
reference_id
reference_type
scores
0
value 0.94251
scoring_system epss
scoring_elements 0.99931
published_at 2026-04-18T12:55:00Z
1
value 0.94251
scoring_system epss
scoring_elements 0.99932
published_at 2026-04-21T12:55:00Z
2
value 0.94251
scoring_system epss
scoring_elements 0.9993
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42889
4
reference_url https://arxiv.org/pdf/2306.05534
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://arxiv.org/pdf/2306.05534
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
6
reference_url http://seclists.org/fulldisclosure/2023/Feb/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://seclists.org/fulldisclosure/2023/Feb/3
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/apache/commons-text
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-text
9
reference_url https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42889
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42889
11
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022
12
reference_url https://security.gentoo.org/glsa/202301-05
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://security.gentoo.org/glsa/202301-05
13
reference_url https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text
14
reference_url https://security.netapp.com/advisory/ntap-20221020-0004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221020-0004
15
reference_url https://security.netapp.com/advisory/ntap-20221020-0004/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url https://security.netapp.com/advisory/ntap-20221020-0004/
16
reference_url http://www.openwall.com/lists/oss-security/2022/10/13/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://www.openwall.com/lists/oss-security/2022/10/13/4
17
reference_url http://www.openwall.com/lists/oss-security/2022/10/18/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/
url http://www.openwall.com/lists/oss-security/2022/10/18/1
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
reference_id 1021787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135435
reference_id 2135435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135435
20
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
reference_id CVE-2022-42889
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
21
reference_url https://github.com/advisories/GHSA-599f-7c49-w659
reference_id GHSA-599f-7c49-w659
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-599f-7c49-w659
22
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
23
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
24
reference_url https://access.redhat.com/errata/RHSA-2022:8902
reference_id RHSA-2022:8902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8902
25
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
26
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
27
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
28
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
29
reference_url https://access.redhat.com/errata/RHSA-2023:1524
reference_id RHSA-2023:1524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1524
30
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
31
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
32
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
33
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
34
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
35
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
36
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
37
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
38
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
39
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
40
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
41
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
42
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
43
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
44
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
aliases CVE-2022-42889, GHSA-599f-7c49-w659
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw
2
url VCID-quvj-3tpk-qug1
vulnerability_id VCID-quvj-3tpk-qug1
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25761
reference_id
reference_type
scores
0
value 0.0175
scoring_system epss
scoring_elements 0.82597
published_at 2026-04-21T12:55:00Z
1
value 0.0175
scoring_system epss
scoring_elements 0.82562
published_at 2026-04-12T12:55:00Z
2
value 0.0175
scoring_system epss
scoring_elements 0.82593
published_at 2026-04-18T12:55:00Z
3
value 0.0175
scoring_system epss
scoring_elements 0.82557
published_at 2026-04-13T12:55:00Z
4
value 0.0175
scoring_system epss
scoring_elements 0.82521
published_at 2026-04-04T12:55:00Z
5
value 0.0175
scoring_system epss
scoring_elements 0.82517
published_at 2026-04-07T12:55:00Z
6
value 0.0175
scoring_system epss
scoring_elements 0.82543
published_at 2026-04-08T12:55:00Z
7
value 0.0175
scoring_system epss
scoring_elements 0.82551
published_at 2026-04-09T12:55:00Z
8
value 0.0175
scoring_system epss
scoring_elements 0.82569
published_at 2026-04-11T12:55:00Z
9
value 0.0175
scoring_system epss
scoring_elements 0.82503
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25761
2
reference_url https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
3
reference_url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/
url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
4
reference_url http://www.openwall.com/lists/oss-security/2023/02/15/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/
url http://www.openwall.com/lists/oss-security/2023/02/15/4
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170039
reference_id 2170039
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170039
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25761
reference_id CVE-2023-25761
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25761
7
reference_url https://github.com/advisories/GHSA-ph74-8rgx-64c5
reference_id GHSA-ph74-8rgx-64c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph74-8rgx-64c5
8
reference_url https://access.redhat.com/errata/RHSA-2023:1866
reference_id RHSA-2023:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1866
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
13
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
14
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
15
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
18
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
19
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-25761, GHSA-ph74-8rgx-64c5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quvj-3tpk-qug1
3
url VCID-zxcj-h6nx-m7gq
vulnerability_id VCID-zxcj-h6nx-m7gq
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25762
reference_id
reference_type
scores
0
value 0.6532
scoring_system epss
scoring_elements 0.98493
published_at 2026-04-21T12:55:00Z
1
value 0.6532
scoring_system epss
scoring_elements 0.98492
published_at 2026-04-18T12:55:00Z
2
value 0.6532
scoring_system epss
scoring_elements 0.98485
published_at 2026-04-13T12:55:00Z
3
value 0.6532
scoring_system epss
scoring_elements 0.98486
published_at 2026-04-11T12:55:00Z
4
value 0.6532
scoring_system epss
scoring_elements 0.98483
published_at 2026-04-09T12:55:00Z
5
value 0.6532
scoring_system epss
scoring_elements 0.98482
published_at 2026-04-08T12:55:00Z
6
value 0.6532
scoring_system epss
scoring_elements 0.98478
published_at 2026-04-07T12:55:00Z
7
value 0.6532
scoring_system epss
scoring_elements 0.98477
published_at 2026-04-04T12:55:00Z
8
value 0.6532
scoring_system epss
scoring_elements 0.98474
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25762
2
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin
3
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92
4
reference_url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/
url https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019
5
reference_url http://www.openwall.com/lists/oss-security/2023/02/15/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/
url http://www.openwall.com/lists/oss-security/2023/02/15/4
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170041
reference_id 2170041
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170041
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25762
reference_id CVE-2023-25762
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25762
8
reference_url https://github.com/advisories/GHSA-9j65-3f2q-8q2r
reference_id GHSA-9j65-3f2q-8q2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9j65-3f2q-8q2r
9
reference_url https://access.redhat.com/errata/RHSA-2023:1866
reference_id RHSA-2023:1866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1866
10
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
11
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
12
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
16
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
17
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
18
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
19
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
20
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-25762, GHSA-9j65-3f2q-8q2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcj-h6nx-m7gq
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1683009955-1%3Farch=el8