Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zftt-hmv8-judu

Summary

Improper Authentication
Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

Aliases

alias	CVE-2019-1003049

alias	GHSA-742j-jcfr-23w3

Fixed_packages

url	pkg:alpm/archlinux/jenkins@2.172-1
purl	pkg:alpm/archlinux/jenkins@2.172-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.172-1

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=aarch64&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=aarch64&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=aarch64&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=armhf&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=armhf&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=armhf&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=armv7&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=armv7&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=armv7&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=x86&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=x86&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=x86&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=ppc64le&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=ppc64le&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=ppc64le&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=s390x&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=s390x&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=s390x&distroversion=v3.9&reponame=community

url	pkg:apk/alpine/jenkins@2.164.2-r0?arch=x86_64&distroversion=v3.9&reponame=community
purl	pkg:apk/alpine/jenkins@2.164.2-r0?arch=x86_64&distroversion=v3.9&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.164.2-r0%3Farch=x86_64&distroversion=v3.9&reponame=community

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.2
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.2

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.172
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.172
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.172

Affected_packages

url pkg:alpm/archlinux/jenkins@2.171-1

purl pkg:alpm/archlinux/jenkins@2.171-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.171-1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.1

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.171

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.171

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.171

url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432?arch=el7

purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa?arch=el7

purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a?arch=el7

purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08?arch=el7

purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e?arch=el7

purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3?arch=el7

purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82?arch=el7

purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c?arch=el7

purl pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c%3Farch=el7

url pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e?arch=el7

purl pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e%3Farch=el7

url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2?arch=el7

purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417%3Farch=el7

url pkg:rpm/redhat/jenkins@2.164.2.1555422716-1?arch=el7

purl pkg:rpm/redhat/jenkins@2.164.2.1555422716-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.164.2.1555422716-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1%3Farch=el7

url pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba?arch=el7

purl pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wmw-rn4w-vqf5

vulnerability	VCID-ftky-shfy-bufk

vulnerability	VCID-s5qz-aqj7-6uhz

vulnerability	VCID-zftt-hmv8-judu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce%3Farch=el7

References

reference_url

https://access.redhat.com/errata/RHBA-2019:1605

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2019:1605

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003049.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003049.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1003049

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.6482
published_at	2026-04-29T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64674
published_at	2026-04-01T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64726
published_at	2026-04-02T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64755
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64717
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64765
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6478
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64797
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64785
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64758
published_at	2026-04-13T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64796
published_at	2026-04-16T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64806
published_at	2026-04-18T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64794
published_at	2026-04-21T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64811
published_at	2026-04-24T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64824
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1003049

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6

reference_url

https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

http://www.securityfocus.com/bid/107901

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107901

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1699701
reference_id	1699701
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1699701

reference_url	https://security.archlinux.org/ASA-201904-7
reference_id	ASA-201904-7
reference_type
scores
url	https://security.archlinux.org/ASA-201904-7

reference_url

https://security.archlinux.org/AVG-948

reference_id

AVG-948

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-948

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
reference_id	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1003049

reference_id

CVE-2019-1003049

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1003049

reference_url

https://github.com/advisories/GHSA-742j-jcfr-23w3

reference_id

GHSA-742j-jcfr-23w3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-742j-jcfr-23w3

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Exploits

Severity_range_score 4.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zftt-hmv8-judu

Vulnerability Instance