Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins@2.361.1.1675668150-1?arch=el8
Typerpm
Namespaceredhat
Namejenkins
Version2.361.1.1675668150-1
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-dvyn-8phs-a3a6
vulnerability_id VCID-dvyn-8phs-a3a6
summary 
Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
### Description
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.
If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.
If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.

### Impact
A malicious client may render the server unresponsive.

### Patches
The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.

### Workarounds
No workaround available within Jetty itself.
One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)

### For more information
If you have any questions or comments about this advisory:
* Email us at security@webtide.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
reference_id
reference_type
scores
0
value 0.01287
scoring_system epss
scoring_elements 0.79667
published_at 2026-04-18T12:55:00Z
1
value 0.01287
scoring_system epss
scoring_elements 0.79637
published_at 2026-04-13T12:55:00Z
2
value 0.01287
scoring_system epss
scoring_elements 0.79644
published_at 2026-04-12T12:55:00Z
3
value 0.01287
scoring_system epss
scoring_elements 0.7966
published_at 2026-04-11T12:55:00Z
4
value 0.01287
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-09T12:55:00Z
5
value 0.01287
scoring_system epss
scoring_elements 0.79631
published_at 2026-04-08T12:55:00Z
6
value 0.01287
scoring_system epss
scoring_elements 0.79603
published_at 2026-04-07T12:55:00Z
7
value 0.01287
scoring_system epss
scoring_elements 0.79616
published_at 2026-04-04T12:55:00Z
8
value 0.01287
scoring_system epss
scoring_elements 0.79593
published_at 2026-04-02T12:55:00Z
9
value 0.01288
scoring_system epss
scoring_elements 0.79677
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
6
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
9
reference_url https://security.netapp.com/advisory/ntap-20220901-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220901-0006
10
reference_url https://security.netapp.com/advisory/ntap-20220901-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220901-0006/
11
reference_url https://www.debian.org/security/2022/dsa-5198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5198
12
reference_url http://www.openwall.com/lists/oss-security/2022/09/09/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/09/09/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
reference_id 2116952
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
14
reference_url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
reference_id GHSA-wgmr-mf83-7x4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
15
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
16
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
17
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
18
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
19
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2022-2048, GHSA-wgmr-mf83-7x4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-8phs-a3a6
1
url VCID-vgg4-g95a-gkey
vulnerability_id VCID-vgg4-g95a-gkey
summary 
Observable timing discrepancy allows determining username validity in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.

Login attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.75113
published_at 2026-04-21T12:55:00Z
1
value 0.00863
scoring_system epss
scoring_elements 0.75123
published_at 2026-04-18T12:55:00Z
2
value 0.00863
scoring_system epss
scoring_elements 0.75116
published_at 2026-04-16T12:55:00Z
3
value 0.00863
scoring_system epss
scoring_elements 0.75078
published_at 2026-04-13T12:55:00Z
4
value 0.01169
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-02T12:55:00Z
5
value 0.01169
scoring_system epss
scoring_elements 0.78641
published_at 2026-04-04T12:55:00Z
6
value 0.01169
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-07T12:55:00Z
7
value 0.01169
scoring_system epss
scoring_elements 0.78647
published_at 2026-04-08T12:55:00Z
8
value 0.01169
scoring_system epss
scoring_elements 0.78654
published_at 2026-04-09T12:55:00Z
9
value 0.01169
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-11T12:55:00Z
10
value 0.01169
scoring_system epss
scoring_elements 0.7866
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
reference_id 2119653
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
7
reference_url https://github.com/advisories/GHSA-9grj-j43m-mjqr
reference_id GHSA-9grj-j43m-mjqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9grj-j43m-mjqr
8
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
9
reference_url https://access.redhat.com/errata/RHSA-2023:0697
reference_id RHSA-2023:0697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0697
10
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
fixed_packages
aliases CVE-2022-34174, GHSA-9grj-j43m-mjqr
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgg4-g95a-gkey
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.361.1.1675668150-1%3Farch=el8