Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38981?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38981?format=api", "vulnerability_id": "VCID-jvh4-psm7-1bar", "summary": "Cross-Site Request Forgery (CSRF)\nThe Git plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.", "aliases": [ { "alias": "CVE-2017-1000092" }, { "alias": "GHSA-rf5q-8gx3-xqfc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/155155?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54353?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54322?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54323?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54324?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54325?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54326?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54327?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54328?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54329?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54330?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54331?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.1.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.1.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/54332?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54333?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54334?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54335?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54336?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54337?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/54338?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54339?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/54340?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54341?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54342?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54343?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54344?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54345?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54346?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54347?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@2.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@2.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/54348?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54349?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/54350?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54351?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54352?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git@3.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jvh4-psm7-1bar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/153590?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.21-1.git.0.f95b0e7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.6.173.0.21-1.git.0.f95b0e7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151712?format=api", "purl": "pkg:rpm/redhat/fluentd@0.12.39-2?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/fluentd@0.12.39-2%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/153591?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.7.1502412812-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.7.1502412812-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151727?format=api", "purl": "pkg:rpm/redhat/kibana@4.6.4-3?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kibana@4.6.4-3%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151731?format=api", "purl": "pkg:rpm/redhat/rubygem-cool.io@1.5.1-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-cool.io@1.5.1-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151708?format=api", "purl": "pkg:rpm/redhat/rubygem-excon@0.58.0-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-excon@0.58.0-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151693?format=api", "purl": "pkg:rpm/redhat/rubygem-faraday@0.13.0-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-faraday@0.13.0-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151764?format=api", "purl": "pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@0.29.0-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@0.29.0-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/153592?format=api", "purl": "pkg:rpm/redhat/rubygem-fluent-plugin-viaq_data_model@0.0.5-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-fluent-plugin-viaq_data_model@0.0.5-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151733?format=api", "purl": "pkg:rpm/redhat/rubygem-i18n@0.8.6-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-i18n@0.8.6-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/151722?format=api", "purl": "pkg:rpm/redhat/rubygem-systemd-journal@1.3.0-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5fdk-795g-z3fr" }, { "vulnerability": "VCID-6hpu-8ryw-nuaf" }, { "vulnerability": "VCID-gs2f-24hn-y7h5" }, { "vulnerability": "VCID-jvh4-psm7-1bar" }, { "vulnerability": "VCID-k5z7-7eck-gfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-systemd-journal@1.3.0-1%3Farch=el7" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34796", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000092" }, { "reference_url": "https://jenkins.io/security/advisory/2017-07-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2017-07-10" }, { "reference_url": "https://jenkins.io/security/advisory/2017-07-10/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jenkins.io/security/advisory/2017-07-10/" }, { "reference_url": "http://www.securityfocus.com/bid/100435", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100435" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471053", "reference_id": "1471053", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471053" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000092", "reference_id": "CVE-2017-1000092", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000092" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "3.1 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvh4-psm7-1bar" }