Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/97033?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/97033?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1?arch=el8", "type": "rpm", "namespace": "redhat", "name": "jenkins-2-plugins", "version": "4.13.1684911916-1", "qualifiers": { "arch": "el8" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16213?format=api", "vulnerability_id": "VCID-5bu5-5b6n-nuft", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07526", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07607", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07582", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07507", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07559", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24422" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278", "reference_id": "2164278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "reference_id": "CVE-2023-24422", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "reference_url": "https://github.com/advisories/GHSA-76qj-9gwh-pvv3", "reference_id": "GHSA-76qj-9gwh-pvv3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76qj-9gwh-pvv3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1655", "reference_id": "RHSA-2023:1655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3195", "reference_id": "RHSA-2023:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3610", "reference_id": "RHSA-2023:3610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "fixed_packages": [], "aliases": [ "CVE-2023-24422", "GHSA-76qj-9gwh-pvv3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51949?format=api", "vulnerability_id": "VCID-j986-mtma-b3bw", "summary": "Arbitrary code execution in Apache Commons Text\nApache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html" }, { "reference_url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94251", "scoring_system": "epss", "scoring_elements": "0.99933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.94251", "scoring_system": "epss", "scoring_elements": "0.99932", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.94251", "scoring_system": "epss", "scoring_elements": "0.99931", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.94251", "scoring_system": "epss", "scoring_elements": "0.9993", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42889" }, { "reference_url": "https://arxiv.org/pdf/2306.05534", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arxiv.org/pdf/2306.05534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Feb/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Feb/3" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/commons-text", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-text" }, { "reference_url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022" }, { "reference_url": "https://security.gentoo.org/glsa/202301-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "https://security.gentoo.org/glsa/202301-05" }, { "reference_url": "https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221020-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221020-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221020-0004/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221020-0004/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/10/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/10/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787", "reference_id": "1021787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", "reference_id": "2135435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py", "reference_id": "CVE-2022-42889", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py" }, { "reference_url": "https://github.com/advisories/GHSA-599f-7c49-w659", "reference_id": "GHSA-599f-7c49-w659", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-599f-7c49-w659" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8652", "reference_id": "RHSA-2022:8652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8876", "reference_id": "RHSA-2022:8876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8902", "reference_id": "RHSA-2022:8902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9023", "reference_id": "RHSA-2022:9023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0469", "reference_id": "RHSA-2023:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1006", "reference_id": "RHSA-2023:1006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1524", "reference_id": "RHSA-2023:1524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1655", "reference_id": "RHSA-2023:1655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3195", "reference_id": "RHSA-2023:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1746", "reference_id": "RHSA-2025:1746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1747", "reference_id": "RHSA-2025:1747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1747" } ], "fixed_packages": [], "aliases": [ "CVE-2022-42889", "GHSA-599f-7c49-w659" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14315?format=api", "vulnerability_id": "VCID-nfjb-tkzv-fudg", "summary": "The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86142", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86151", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86152", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86053", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.8607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86069", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86099", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86114", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86129", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86122", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/google/gson", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/gson" }, { "reference_url": "https://github.com/google/gson/pull/1991", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/gson/pull/1991" }, { "reference_url": "https://github.com/google/gson/pull/1991/commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/gson/pull/1991/commits" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220901-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220901-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220901-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220901-0009/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5227", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5227" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010670", "reference_id": "1010670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850", "reference_id": "2080850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "reference_id": "CVE-2022-25647", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" }, { "reference_url": "https://github.com/advisories/GHSA-4jrv-ppp4-jm57", "reference_id": "GHSA-4jrv-ppp4-jm57", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jrv-ppp4-jm57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4985", "reference_id": "RHSA-2022:4985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5029", "reference_id": "RHSA-2022:5029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5892", "reference_id": "RHSA-2022:5892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5893", "reference_id": "RHSA-2022:5893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5894", "reference_id": "RHSA-2022:5894", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5894" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5903", "reference_id": "RHSA-2022:5903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5928", "reference_id": "RHSA-2022:5928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6819", "reference_id": "RHSA-2022:6819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6835", "reference_id": "RHSA-2022:6835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4437", "reference_id": "RHSA-2025:4437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4437" }, { "reference_url": "https://usn.ubuntu.com/6692-1/", "reference_id": "USN-6692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6692-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-25647", "GHSA-4jrv-ppp4-jm57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjb-tkzv-fudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35815?format=api", "vulnerability_id": "VCID-pwtj-az3g-zka3", "summary": "Improper Authorization in Google OAuth Client\nPKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24266", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24322", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24435", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2446", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24465", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2445", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24494", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692" }, { "reference_url": "https://github.com/googleapis/google-oauth-java-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/googleapis/google-oauth-java-client" }, { "reference_url": "https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824" }, { "reference_url": "https://github.com/googleapis/google-oauth-java-client/issues/469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/googleapis/google-oauth-java-client/issues/469" }, { "reference_url": "https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276" }, { "reference_url": "https://tools.ietf.org/html/rfc7636%23section-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tools.ietf.org/html/rfc7636%23section-1" }, { "reference_url": "https://tools.ietf.org/html/rfc8252%23section-8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tools.ietf.org/html/rfc8252%23section-8.1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376", "reference_id": "1856376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944", "reference_id": "988944", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944" }, { "reference_url": "https://github.com/advisories/GHSA-f263-c949-w85g", "reference_id": "GHSA-f263-c949-w85g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f263-c949-w85g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0560", "reference_id": "RHSA-2023:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0777", "reference_id": "RHSA-2023:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "fixed_packages": [], "aliases": [ "CVE-2020-7692", "GHSA-f263-c949-w85g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwtj-az3g-zka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16481?format=api", "vulnerability_id": "VCID-quvj-3tpk-qug1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nJenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82628", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82517", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82543", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82551", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82557", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82597", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82618", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82503", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82635", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0175", "scoring_system": "epss", "scoring_elements": "0.82521", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25761" }, { "reference_url": "https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/02/15/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039", "reference_id": "2170039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "reference_id": "CVE-2023-25761", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "reference_url": "https://github.com/advisories/GHSA-ph74-8rgx-64c5", "reference_id": "GHSA-ph74-8rgx-64c5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ph74-8rgx-64c5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1866", "reference_id": "RHSA-2023:1866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3195", "reference_id": "RHSA-2023:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "fixed_packages": [], "aliases": [ "CVE-2023-25761", "GHSA-ph74-8rgx-64c5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quvj-3tpk-qug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53801?format=api", "vulnerability_id": "VCID-wj5y-g7z1-9qam", "summary": "fabric8 kubernetes-client vulnerable\nfabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4178.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-4178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-4178" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26354", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26454", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26456", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26295", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26348", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26671", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26477", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26535", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26574", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2658", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388" }, { "reference_url": "https://github.com/fabric8io/kubernetes-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/fabric8io/kubernetes-client" }, { "reference_url": "https://github.com/fabric8io/kubernetes-client/commit/445103004d1ed3153d5abb272473451d05891e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/fabric8io/kubernetes-client/commit/445103004d1ed3153d5abb272473451d05891e39" }, { "reference_url": "https://github.com/fabric8io/kubernetes-client/issues/3653", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/fabric8io/kubernetes-client/issues/3653" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178" }, { "reference_url": "https://www.mend.io/vulnerability-database/CVE-2021-4178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mend.io/vulnerability-database/CVE-2021-4178" }, { "reference_url": "https://github.com/advisories/GHSA-98g7-rxmf-rrxm", "reference_id": "GHSA-98g7-rxmf-rrxm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98g7-rxmf-rrxm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0589", "reference_id": "RHSA-2022:0589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1013", "reference_id": "RHSA-2022:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8761", "reference_id": "RHSA-2022:8761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8761" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" } ], "fixed_packages": [], "aliases": [ "CVE-2021-4178", "GHSA-98g7-rxmf-rrxm", "GMS-2022-2960" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wj5y-g7z1-9qam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16483?format=api", "vulnerability_id": "VCID-zxcj-h6nx-m7gq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nJenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98496", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98474", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98483", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98486", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98485", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98492", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.6532", "scoring_system": "epss", "scoring_elements": "0.98497", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25762" }, { "reference_url": "https://github.com/jenkinsci/pipeline-build-step-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/pipeline-build-step-plugin" }, { "reference_url": "https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92" }, { "reference_url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/" } ], "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/02/15/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041", "reference_id": "2170041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "reference_id": "CVE-2023-25762", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "reference_url": "https://github.com/advisories/GHSA-9j65-3f2q-8q2r", "reference_id": "GHSA-9j65-3f2q-8q2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9j65-3f2q-8q2r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1866", "reference_id": "RHSA-2023:1866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3195", "reference_id": "RHSA-2023:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3299", "reference_id": "RHSA-2023:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6171", "reference_id": "RHSA-2023:6171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6172", "reference_id": "RHSA-2023:6172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6179", "reference_id": "RHSA-2023:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7288", "reference_id": "RHSA-2023:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0775", "reference_id": "RHSA-2024:0775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0776", "reference_id": "RHSA-2024:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0777", "reference_id": "RHSA-2024:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "fixed_packages": [], "aliases": [ "CVE-2023-25762", "GHSA-9j65-3f2q-8q2r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcj-h6nx-m7gq" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1%3Farch=el8" }