Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/51876?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51876?format=api", "vulnerability_id": "VCID-s839-rpta-6bej", "summary": "Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution\nA sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Pipeline: Groovy Plugin 2803.v1a_f77ffcc773 intercepts Groovy casts performed implicitly by the Groovy language runtime", "aliases": [ { "alias": "CVE-2022-43402" }, { "alias": "GHSA-mqc2-w9r8-mmxm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79377?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2803.v1a_f77ffcc773", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2803.v1a_f77ffcc773" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/993992?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/groovy@2802.v5ea_628154b_c2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/groovy@2802.v5ea_628154b_c2" }, { "url": "http://public2.vulnerablecode.io/api/packages/337403?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/337404?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/337405?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/337406?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/337407?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/337408?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/993993?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/groovy@2802.v5ea_628154b_c2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s839-rpta-6bej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/groovy@2802.v5ea_628154b_c2" }, { "url": "http://public2.vulnerablecode.io/api/packages/97536?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13zs-2sn8-3yey" }, { "vulnerability": "VCID-1tha-u7dt-tfc9" }, { "vulnerability": "VCID-2zhb-qfhq-xkdp" }, { "vulnerability": "VCID-4qvq-xv22-xbed" }, { "vulnerability": "VCID-5jjh-qcnz-mye7" }, { "vulnerability": "VCID-73th-g3mx-dqf1" }, { "vulnerability": "VCID-892e-957y-4yc8" }, { "vulnerability": "VCID-9h4k-xjx5-afc8" }, { "vulnerability": "VCID-atqg-nfz6-zyfs" }, { "vulnerability": "VCID-ca7m-fb38-kfe2" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-fzvq-dpvh-v7eu" }, { "vulnerability": "VCID-gxu6-51zm-sfh7" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-n5vc-ggjg-kfc1" }, { "vulnerability": "VCID-netd-rr9e-wbg5" }, { "vulnerability": "VCID-pnge-tumu-v7e2" }, { "vulnerability": "VCID-pwtj-az3g-zka3" }, { "vulnerability": "VCID-rs56-6qvx-vucg" }, { "vulnerability": "VCID-rxtr-936k-h3cc" }, { "vulnerability": "VCID-s839-rpta-6bej" }, { "vulnerability": "VCID-tx8n-nmhx-gqg1" }, { "vulnerability": "VCID-ubq1-gzr6-x3fu" }, { "vulnerability": "VCID-xq5k-dyk9-u3ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/97535?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1675144701-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13zs-2sn8-3yey" }, { "vulnerability": "VCID-1tha-u7dt-tfc9" }, { "vulnerability": "VCID-2zhb-qfhq-xkdp" }, { "vulnerability": "VCID-4qvq-xv22-xbed" }, { "vulnerability": "VCID-5jjh-qcnz-mye7" }, { "vulnerability": "VCID-73th-g3mx-dqf1" }, { "vulnerability": "VCID-892e-957y-4yc8" }, { "vulnerability": "VCID-9h4k-xjx5-afc8" }, { "vulnerability": "VCID-atqg-nfz6-zyfs" }, { "vulnerability": "VCID-ca7m-fb38-kfe2" }, { "vulnerability": "VCID-fzvq-dpvh-v7eu" }, { "vulnerability": "VCID-gxu6-51zm-sfh7" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-n5vc-ggjg-kfc1" }, { "vulnerability": "VCID-netd-rr9e-wbg5" }, { "vulnerability": "VCID-pnge-tumu-v7e2" }, { "vulnerability": "VCID-pwtj-az3g-zka3" }, { "vulnerability": "VCID-rs56-6qvx-vucg" }, { "vulnerability": "VCID-rxtr-936k-h3cc" }, { "vulnerability": "VCID-s839-rpta-6bej" }, { "vulnerability": "VCID-tx8n-nmhx-gqg1" }, { "vulnerability": "VCID-ubq1-gzr6-x3fu" }, { "vulnerability": "VCID-xq5k-dyk9-u3ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1675144701-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/97035?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tha-u7dt-tfc9" }, { "vulnerability": "VCID-2zhb-qfhq-xkdp" }, { "vulnerability": "VCID-4qvq-xv22-xbed" }, { "vulnerability": "VCID-5bu5-5b6n-nuft" }, { "vulnerability": "VCID-73th-g3mx-dqf1" }, { "vulnerability": "VCID-atqg-nfz6-zyfs" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-j584-bgww-z7fw" }, { "vulnerability": "VCID-j986-mtma-b3bw" }, { "vulnerability": "VCID-m3g5-ua28-afd2" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-n5vc-ggjg-kfc1" }, { "vulnerability": "VCID-netd-rr9e-wbg5" }, { "vulnerability": "VCID-pnge-tumu-v7e2" }, { "vulnerability": "VCID-quvj-3tpk-qug1" }, { "vulnerability": "VCID-rxtr-936k-h3cc" }, { "vulnerability": "VCID-s839-rpta-6bej" }, { "vulnerability": "VCID-tx8n-nmhx-gqg1" }, { "vulnerability": "VCID-xq5k-dyk9-u3ct" }, { "vulnerability": "VCID-zxcj-h6nx-m7gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/97533?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1675702407-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pzb-gkrf-m3hq" }, { "vulnerability": "VCID-1tha-u7dt-tfc9" }, { "vulnerability": "VCID-2zhb-qfhq-xkdp" }, { "vulnerability": "VCID-73th-g3mx-dqf1" }, { "vulnerability": "VCID-9h46-72hw-bkcr" }, { "vulnerability": "VCID-atqg-nfz6-zyfs" }, { "vulnerability": "VCID-k6wy-rwhv-ckd2" }, { "vulnerability": "VCID-n5vc-ggjg-kfc1" }, { "vulnerability": "VCID-netd-rr9e-wbg5" }, { "vulnerability": "VCID-pnge-tumu-v7e2" }, { "vulnerability": "VCID-rs56-6qvx-vucg" }, { "vulnerability": "VCID-rxtr-936k-h3cc" }, { "vulnerability": "VCID-s839-rpta-6bej" }, { "vulnerability": "VCID-tx8n-nmhx-gqg1" }, { "vulnerability": "VCID-v2pq-1qhm-4qb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1675702407-1%3Farch=el8" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25705", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25664", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25607", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25609", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25763", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25805", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43402" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43402", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43402" }, { "reference_url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136379", "reference_id": "2136379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136379" }, { "reference_url": "https://github.com/advisories/GHSA-mqc2-w9r8-mmxm", "reference_id": "GHSA-mqc2-w9r8-mmxm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqc2-w9r8-mmxm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0560", "reference_id": "RHSA-2023:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0777", "reference_id": "RHSA-2023:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1064", "reference_id": "RHSA-2023:1064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3198", "reference_id": "RHSA-2023:3198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "weaknesses": [ { "cwe_id": 693, "name": "Protection Mechanism Failure", "description": "The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 78, "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s839-rpta-6bej" }