Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/43281?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43281?format=api",
    "vulnerability_id": "VCID-y564-2n7z-r3fv",
    "summary": "Jenkins allows Remote Users to Build Arbitrary Jobs\nUnspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.",
    "aliases": [
        {
            "alias": "CVE-2013-0330"
        },
        {
            "alias": "GHSA-25c5-58xw-hw5q"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/61983?format=api",
            "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.3",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/61981?format=api",
            "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.502",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.502"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878"
        },
        {
            "reference_url": "https://github.com/jenkinsci/jenkins",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/jenkinsci/jenkins"
        },
        {
            "reference_url": "https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994"
        },
        {
            "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0330",
            "reference_id": "CVE-2013-0330",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0330"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-25c5-58xw-hw5q",
            "reference_id": "GHSA-25c5-58xw-hw5q",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-25c5-58xw-hw5q"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 284,
            "name": "Improper Access Control",
            "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y564-2n7z-r3fv"
}