Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/53777?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53777?format=api", "vulnerability_id": "VCID-hg91-mnh3-g3a4", "summary": "Jenkins Git client plugin 3.11.0 does not perform SSH host key verification\nJenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meets their security needs. For more information see [the plugin documentation](https://github.com/jenkinsci/git-client-plugin#ssh-host-key-verification).", "aliases": [ { "alias": "CVE-2022-36881" }, { "alias": "GHSA-cm7j-p8hc-97vj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81324?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git-client@3.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git-client@3.11.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144268?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/git-client@3.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hg91-mnh3-g3a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git-client@3.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/98056?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1672842762-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qvq-xv22-xbed" }, { "vulnerability": "VCID-7ez2-n617-u3dq" }, { "vulnerability": "VCID-9h4k-xjx5-afc8" }, { "vulnerability": "VCID-c2jh-gx5w-mqcd" }, { "vulnerability": "VCID-ca7m-fb38-kfe2" }, { "vulnerability": "VCID-fzvq-dpvh-v7eu" }, { "vulnerability": "VCID-gxu6-51zm-sfh7" }, { "vulnerability": 
"VCID-hg91-mnh3-g3a4" }, { "vulnerability": "VCID-k6wy-rwhv-ckd2" }, { "vulnerability": "VCID-qsut-4d83-97h1" }, { "vulnerability": "VCID-rs56-6qvx-vucg" }, { "vulnerability": "VCID-tt48-pfzv-mkgt" }, { "vulnerability": "VCID-ubq1-gzr6-x3fu" }, { "vulnerability": "VCID-xq5k-dyk9-u3ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.8.1672842762-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/98057?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1667460322-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hg91-mnh3-g3a4" }, { "vulnerability": "VCID-tt48-pfzv-mkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1667460322-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/98058?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1667388055-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hg91-mnh3-g3a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1667388055-1%3Farch=el8" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72949", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72908", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", 
"scoring_elements": "0.72915", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72872", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72888", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72864", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.7285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72812", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72816", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72837", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36881" }, { "reference_url": "https://github.com/jenkinsci/git-client-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/git-client-plugin" }, { "reference_url": "https://github.com/jenkinsci/git-client-plugin/commit/88f52c6c9b18bca4ad210e3b9910a49433583fd9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/git-client-plugin/commit/88f52c6c9b18bca4ad210e3b9910a49433583fd9" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2022-36881", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36881" }, { "reference_url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114755", "reference_id": "2114755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114755" }, { "reference_url": "https://github.com/advisories/GHSA-cm7j-p8hc-97vj", "reference_id": "GHSA-cm7j-p8hc-97vj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cm7j-p8hc-97vj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7865", "reference_id": "RHSA-2022:7865", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0017", "reference_id": 
"RHSA-2023:0017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0017" } ], "weaknesses": [ { "cwe_id": 295, "name": "Improper Certificate Validation", "description": "The product does not validate, or incorrectly validates, a certificate." }, { "cwe_id": 322, "name": "Key Exchange without Entity Authentication", "description": "The product performs a key exchange with an actor without verifying the identity of that actor." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 8.1", "exploitability": "0.5", "weighted_severity": "7.3", "risk_score": 3.6, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hg91-mnh3-g3a4" }