Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44162?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44162?format=api", "vulnerability_id": "VCID-ss6w-thk4-7fd3", "summary": "Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation\nThe HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.", "aliases": [ { "alias": "CVE-2015-1810" }, { "alias": "GHSA-37wm-28rm-56vw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63528?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.596.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.596.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63527?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.600", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.600" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", "reference_id": "", "reference_type": "", "scores": [], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810", "reference_id": "CVE-2015-1810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810" }, { "reference_url": "https://github.com/advisories/GHSA-37wm-28rm-56vw", "reference_id": "GHSA-37wm-28rm-56vw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-37wm-28rm-56vw" } ], "weaknesses": [ { "cwe_id": 287, "name": "Improper Authentication", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss6w-thk4-7fd3" }