Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/16412?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16412?format=api", "vulnerability_id": "VCID-usa5-a7x7-7yej", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nAn exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them", "aliases": [ { "alias": "CVE-2018-1000147" }, { "alias": "GHSA-jrhw-r343-pjwj" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61745?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/perforce@1.3.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tf2r-c17z-cqh7" }, { "vulnerability": "VCID-usa5-a7x7-7yej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/perforce@1.3.36" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52982", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000147" }, { "reference_url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000147", "reference_id": "CVE-2018-1000147", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000147" }, { "reference_url": "https://github.com/advisories/GHSA-jrhw-r343-pjwj", "reference_id": "GHSA-jrhw-r343-pjwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jrhw-r343-pjwj" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usa5-a7x7-7yej" }