Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins@2.361.1.1675406172-1?arch=el8
Typerpm
Namespaceredhat
Namejenkins
Version2.361.1.1675406172-1
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-vgg4-g95a-gkey
vulnerability_id VCID-vgg4-g95a-gkey
summary 
Observable timing discrepancy allows determining username validity in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.

Login attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.75152
published_at 2026-04-24T12:55:00Z
1
value 0.00863
scoring_system epss
scoring_elements 0.75113
published_at 2026-04-21T12:55:00Z
2
value 0.00863
scoring_system epss
scoring_elements 0.75123
published_at 2026-04-18T12:55:00Z
3
value 0.00863
scoring_system epss
scoring_elements 0.75116
published_at 2026-04-16T12:55:00Z
4
value 0.00863
scoring_system epss
scoring_elements 0.75078
published_at 2026-04-13T12:55:00Z
5
value 0.01169
scoring_system epss
scoring_elements 0.78641
published_at 2026-04-04T12:55:00Z
6
value 0.01169
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-02T12:55:00Z
7
value 0.01169
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-07T12:55:00Z
8
value 0.01169
scoring_system epss
scoring_elements 0.78647
published_at 2026-04-08T12:55:00Z
9
value 0.01169
scoring_system epss
scoring_elements 0.78654
published_at 2026-04-09T12:55:00Z
10
value 0.01169
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-11T12:55:00Z
11
value 0.01169
scoring_system epss
scoring_elements 0.7866
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34174
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34174
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
reference_id 2119653
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119653
7
reference_url https://github.com/advisories/GHSA-9grj-j43m-mjqr
reference_id GHSA-9grj-j43m-mjqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9grj-j43m-mjqr
8
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
9
reference_url https://access.redhat.com/errata/RHSA-2023:0697
reference_id RHSA-2023:0697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0697
10
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
fixed_packages
aliases CVE-2022-34174, GHSA-9grj-j43m-mjqr
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgg4-g95a-gkey
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.361.1.1675406172-1%3Farch=el8