
Vulnerability_id VCID-22rc-z7ra-dfh8
Summary
Jenkins has a link following vulnerability that allows arbitrary file creation
Jenkins 2.554 and earlier and LTS 2.541.2 and earlier do not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by the file system access permissions of the user running Jenkins.
This can be exploited to deploy malicious scripts or plugins on the controller by attackers with Item/Configure permission or by attackers able to control agent processes.
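An added example of the extraction flaw described above, written in Python rather than taken from Jenkins's Java code and not part of this record: a crafted archive places a symlink first and then a file underneath it, and is run through a naive extractor that follows the link and through a check-before-write extractor that refuses it. The tree layout (a `plugins` directory beside `workspace/<job>`), the entry names and the payload bytes are assumptions constructed for the demo.

```python
"""Added example, not Jenkins code: the symlink-then-write trick used against
naive .tar extractors, beside a check-before-write extractor that rejects it.
The tree layout ('plugins' beside 'workspace/<job>') is an assumption modelled
on a Jenkins home and is constructed here for the demo."""
import io
import os
import tarfile
import tempfile


def build_malicious_tar() -> bytes:
    """Construct in memory a two-entry archive:
      1. 'plugins'          symlink -> ../../plugins   (escapes the workspace)
      2. 'plugins/evil.jpi' regular file; a naive extractor writes it THROUGH
         the symlink, so it lands in the real plugins directory.
    The payload bytes are a placeholder, not a real plugin."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("plugins")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../plugins"
        tar.addfile(link)
        payload = b"placeholder plugin bytes\n"
        info = tarfile.TarInfo("plugins/evil.jpi")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    root, path = os.path.realpath(root), os.path.realpath(path)
    return path == root or path.startswith(root + os.sep)


def is_safe_member(dest: str, m: tarfile.TarInfo) -> bool:
    """Vet one entry before anything is written. realpath() resolves symlinks
    already on disk, including one extracted from an earlier entry, so a file
    whose parent directory is a symlink out of dest is caught; symlink and
    hard-link targets are resolved and checked the same way."""
    if os.path.isabs(m.name) or ".." in m.name.split("/"):
        return False
    target = os.path.join(dest, m.name)
    if not _inside(dest, target):
        return False
    if m.issym():
        if os.path.isabs(m.linkname):
            return False
        return _inside(dest, os.path.join(os.path.dirname(target), m.linkname))
    if m.islnk():  # hard link: linkname is relative to the archive root
        return _inside(dest, os.path.join(dest, m.linkname))
    return True


def extract(data: bytes, dest: str, vet: bool) -> list[str]:
    """vet=False is the vulnerable pattern: names and link targets are trusted
    as given. vet=True runs is_safe_member() first. Returns the resolved path
    of everything created, which is where the escape becomes visible."""
    created = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar:
            if vet and not is_safe_member(dest, m):
                raise ValueError(f"refusing {m.name!r} -> {m.linkname!r}")
            path = os.path.join(dest, m.name)  # the OS follows symlinks here
            if m.issym():
                os.symlink(m.linkname, path)
            elif m.isfile():
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(tar.extractfile(m).read())
            created.append(os.path.realpath(path))
    return created


def demo() -> dict:
    """Run both extractors on the crafted archive in a throw-away tree and
    report where the naive one wrote and whether the vetted one refused."""
    root = os.path.realpath(tempfile.mkdtemp())
    plugins_dir = os.path.join(root, "plugins")          # the real plugin dir
    naive_ws = os.path.join(root, "workspace", "naive")  # extraction targets
    safe_ws = os.path.join(root, "workspace", "safe")
    for d in (plugins_dir, naive_ws, safe_ws):
        os.makedirs(d)
    data = build_malicious_tar()
    out = {"naive_created": [os.path.relpath(p, root)
                             for p in extract(data, naive_ws, vet=False)]}
    try:
        extract(data, safe_ws, vet=True)
        out["safe_refused"] = None
    except ValueError as e:
        out["safe_refused"] = str(e)
    out["safe_wrote_nothing"] = os.listdir(safe_ws) == []
    return out


if __name__ == "__main__":
    print(demo())
```

The naive run reports `plugins/evil.jpi` created under the tree root, outside the workspace it was told to extract into, while the vetted run stops at the first entry and leaves the workspace empty. The check has to run against the on-disk state immediately before each write, not over the archive listing alone, because the escape only exists once the earlier symlink entry has been materialised. Python 3.12 and later ship equivalent rules in the standard library as `tarfile.extractall(filter="data")`; the hand-written check is here to make the decision visible.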
Aliases
0
alias CVE-2026-33001
1
alias GHSA-r6qv-frpc-q66c
Fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.555
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.555
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.555
Affected_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.554
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.554
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22rc-z7ra-dfh8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.554
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33001.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33001.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33001
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30873
published_at 2026-04-02T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.3092
published_at 2026-04-04T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.3074
published_at 2026-04-07T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30798
published_at 2026-04-08T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.3083
published_at 2026-04-09T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30832
published_at 2026-04-11T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31444
published_at 2026-04-12T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31407
published_at 2026-04-13T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31441
published_at 2026-04-16T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31419
published_at 2026-04-18T12:55:00Z
10
value 0.00142
scoring_system epss
scoring_elements 0.34356
published_at 2026-04-21T12:55:00Z
11
value 0.00142
scoring_system epss
scoring_elements 0.33984
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33001
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/6dc99937605d5bddfeaae43a4cd14c2571e23adc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/6dc99937605d5bddfeaae43a4cd14c2571e23adc
4
reference_url https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.555
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.555
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33001
6
reference_url https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3657
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T03:55:23Z/
url https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3657
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448645
reference_id 2448645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2448645
8
reference_url https://github.com/advisories/GHSA-r6qv-frpc-q66c
reference_id GHSA-r6qv-frpc-q66c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6qv-frpc-q66c
9
reference_url https://access.redhat.com/errata/RHSA-2026:10199
reference_id RHSA-2026:10199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10199
10
reference_url https://access.redhat.com/errata/RHSA-2026:10201
reference_id RHSA-2026:10201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10201
11
reference_url https://access.redhat.com/errata/RHSA-2026:10204
reference_id RHSA-2026:10204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10204
12
reference_url https://access.redhat.com/errata/RHSA-2026:10205
reference_id RHSA-2026:10205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10205
13
reference_url https://access.redhat.com/errata/RHSA-2026:10206
reference_id RHSA-2026:10206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10206
14
reference_url https://access.redhat.com/errata/RHSA-2026:10209
reference_id RHSA-2026:10209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10209
15
reference_url https://access.redhat.com/errata/RHSA-2026:10211
reference_id RHSA-2026:10211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10211
16
reference_url https://access.redhat.com/errata/RHSA-2026:10213
reference_id RHSA-2026:10213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10213
17
reference_url https://access.redhat.com/errata/RHSA-2026:10214
reference_id RHSA-2026:10214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10214
18
reference_url https://access.redhat.com/errata/RHSA-2026:10215
reference_id RHSA-2026:10215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10215
Weaknesses
0
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1
cwe_id 61
name UNIX Symbolic Link (Symlink) Following
description The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
2
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
4
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-22rc-z7ra-dfh8