Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/43812?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43812?format=api",
    "vulnerability_id": "VCID-mdu9-gpvt-6bca",
    "summary": "Jenkins affected by Open Redirect Vulnerability\nOpen redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
    "aliases": [
        {
            "alias": "CVE-2012-6073"
        },
        {
            "alias": "GHSA-mqgf-4rw4-2cq2"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/62939?format=api",
            "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/62940?format=api",
            "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.491",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.491"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/61990?format=api",
            "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.481",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-3t7n-a654-suhv"
                },
                {
                    "vulnerability": "VCID-anqd-6ymu-pqhe"
                },
                {
                    "vulnerability": "VCID-mdu9-gpvt-6bca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.481"
        }
    ],
    "references": [
        {
            "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
        },
        {
            "reference_url": "https://github.com/jenkinsci/jenkins",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/jenkinsci/jenkins"
        },
        {
            "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6073",
            "reference_id": "CVE-2012-6073",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6073"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-mqgf-4rw4-2cq2",
            "reference_id": "GHSA-mqgf-4rw4-2cq2",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-mqgf-4rw4-2cq2"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 20,
            "name": "Improper Input Validation",
            "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."
        },
        {
            "cwe_id": 601,
            "name": "URL Redirection to Untrusted Site ('Open Redirect')",
            "description": "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdu9-gpvt-6bca"
}