Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4tt7-hwz7-nfhf

Summary

Jenkins allows Deserialization of Untrusted Data via an XML File
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.

Aliases

alias	CVE-2016-0792

alias	GHSA-45rg-g72w-r393

Fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.642.2
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.642.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.642.2

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.650
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.650
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.650

Affected_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@1.643

purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.643

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.643

url pkg:rpm/redhat/activemq@5.9.0-6.redhat.611463?arch=el6op

purl pkg:rpm/redhat/activemq@5.9.0-6.redhat.611463?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/activemq@5.9.0-6.redhat.611463%3Farch=el6op

url pkg:rpm/redhat/ImageMagick@6.7.2.7-5?arch=el6_8

purl pkg:rpm/redhat/ImageMagick@6.7.2.7-5?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f66-aukm-nyb3

vulnerability	VCID-2t4v-16se-7qef

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-7fmu-6e6q-r7hd

vulnerability	VCID-7wrg-6pw1-nucx

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-a1z8-rynx-p7a8

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-hz8y-hdp6-t3bx

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-qc16-r3cs-cbdr

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.7.2.7-5%3Farch=el6_8

url pkg:rpm/redhat/jenkins@1.642.2-1?arch=el7

purl pkg:rpm/redhat/jenkins@1.642.2-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.642.2-1%3Farch=el7

url pkg:rpm/redhat/jenkins@1.651.2-1?arch=el6op

purl pkg:rpm/redhat/jenkins@1.651.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.651.2-1%3Farch=el6op

url pkg:rpm/redhat/jenkins-plugin-credentials@1.24-2?arch=el7

purl pkg:rpm/redhat/jenkins-plugin-credentials@1.24-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-credentials@1.24-2%3Farch=el7

url pkg:rpm/redhat/jenkins-plugin-durable-task@1.7-1?arch=el7

purl pkg:rpm/redhat/jenkins-plugin-durable-task@1.7-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-durable-task@1.7-1%3Farch=el7

url pkg:rpm/redhat/jenkins-plugin-kubernetes@0.5-1?arch=el7

purl pkg:rpm/redhat/jenkins-plugin-kubernetes@0.5-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-kubernetes@0.5-1%3Farch=el7

url pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.9-1?arch=el7

purl pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.9-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-y5vs-8bqz-sqf5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.9-1%3Farch=el7

url pkg:rpm/redhat/libcgroup@0.40.rc1-18?arch=el6_8

purl pkg:rpm/redhat/libcgroup@0.40.rc1-18?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libcgroup@0.40.rc1-18%3Farch=el6_8

url pkg:rpm/redhat/openshift-origin-broker@1.16.3.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-broker@1.16.3.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-broker@1.16.3.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-broker-util@1.37.6.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-broker-util@1.37.6.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-broker-util@1.37.6.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.4.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.4.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.4.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.6.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.6.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.6.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.27.4.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.27.4.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.27.4.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.35.5.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.35.5.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.35.5.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.29.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.29.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.29.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jenkins-client@1.26.1.1-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jenkins-client@1.26.1.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins-client@1.26.1.1-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-mongodb@1.26.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-mongodb@1.26.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-mongodb@1.26.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.3.3-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.3.3-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.3.3-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.4.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.4.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.4.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.3.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.3.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.3.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.2-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.2-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.2-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-node-proxy@1.26.3.1-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-node-proxy@1.26.3.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-node-proxy@1.26.3.1-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-node-util@1.38.7.1-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-node-util@1.38.7.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-node-util@1.38.7.1-1%3Farch=el6op

url pkg:rpm/redhat/rhc@1.38.7.1-1?arch=el6op

purl pkg:rpm/redhat/rhc@1.38.7.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rhc@1.38.7.1-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-admin-console@1.28.2.1-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-admin-console@1.28.2.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-admin-console@1.28.2.1-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.6.4-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.6.4-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.6.4-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-frontend-haproxy-sni-proxy@0.5.2.1-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-frontend-haproxy-sni-proxy@0.5.2.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-frontend-haproxy-sni-proxy@0.5.2.1-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.36.2.4-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.36.2.4-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.36.2.4-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.6.4-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.6.4-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.6.4-1%3Farch=el6op

url pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.26.6.1-1?arch=el6op

purl pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.26.6.1-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32uq-r1e7-3ub4

vulnerability	VCID-3bxq-vmjj-kqfe

vulnerability	VCID-3keu-g1gc-kyhf

vulnerability	VCID-4tt7-hwz7-nfhf

vulnerability	VCID-5tfj-bm2b-ffhm

vulnerability	VCID-891k-xz71-guc5

vulnerability	VCID-8y2p-df9x-a7cp

vulnerability	VCID-b69p-t71y-hbhd

vulnerability	VCID-jaty-3r2s-pqc2

vulnerability	VCID-kt3k-9uyt-13d1

vulnerability	VCID-p7v4-63fw-kqaj

vulnerability	VCID-puux-2z74-3yea

vulnerability	VCID-y5vs-8bqz-sqf5

vulnerability	VCID-yvec-gpmh-73hq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.26.6.1-1%3Farch=el6op

References

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1773.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1773.html

reference_url

https://access.redhat.com/errata/RHSA-2016:0711

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:0711

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0792.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0792.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0792

reference_id

reference_type

scores

value	0.90851
scoring_system	epss
scoring_elements	0.99628
published_at	2026-04-01T12:55:00Z

value	0.90851
scoring_system	epss
scoring_elements	0.99631
published_at	2026-04-18T12:55:00Z

value	0.90851
scoring_system	epss
scoring_elements	0.9963
published_at	2026-04-13T12:55:00Z

value	0.90851
scoring_system	epss
scoring_elements	0.99629
published_at	2026-04-04T12:55:00Z

value	0.90851
scoring_system	epss
scoring_elements	0.99627
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0792

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/7f202f0317e60cd3160f61467b8558f864f83f41

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/7f202f0317e60cd3160f61467b8558f864f83f41

reference_url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

reference_url

https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream

reference_url

https://www.exploit-db.com/exploits/42394

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/42394

reference_url	https://www.exploit-db.com/exploits/42394/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42394/

reference_url

https://www.exploit-db.com/exploits/43375

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/43375

reference_url	https://www.exploit-db.com/exploits/43375/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/43375/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1311950
reference_id	1311950
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1311950

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.1::::enterprise:::
reference_id	cpe:2.3:a:redhat:openshift:3.1::::enterprise:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.1::::enterprise:::

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/42394.py
reference_id	CVE-2016-0792
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/42394.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43375.rb
reference_id	CVE-2016-0792
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43375.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0792

reference_id

CVE-2016-0792

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0792

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/76823e9fe6e38e88c2a25bc5a13c6b2bec6aeeb2/modules/exploits/multi/http/jenkins_xstream_deserialize.rb
reference_id	CVE-2016-0792
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/76823e9fe6e38e88c2a25bc5a13c6b2bec6aeeb2/modules/exploits/multi/http/jenkins_xstream_deserialize.rb

reference_url

https://github.com/advisories/GHSA-45rg-g72w-r393

reference_id

GHSA-45rg-g72w-r393

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-45rg-g72w-r393

reference_url	https://access.redhat.com/errata/RHSA-2016:1773
reference_id	RHSA-2016:1773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1773

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

date_added	2017-12-19
description	Jenkins - XStream Groovy classpath Deserialization (Metasploit)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2017-12-19
exploit_type	remote
platform	multiple
source_date_updated	2017-12-19
data_source	Exploit-DB
source_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/76823e9fe6e38e88c2a25bc5a13c6b2bec6aeeb2/modules/exploits/multi/http/jenkins_xstream_deserialize.rb

date_added	`null`
description	This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2016-02-24
exploit_type	`null`
platform	Linux,Python,Unix,Windows
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/jenkins_xstream_deserialize.rb

Severity_range_score 7.0 - 9.0

Exploitability 2.0

Weighted_severity 8.1

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tt7-hwz7-nfhf

Vulnerability Instance