Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5k7u-6rmq-tyb5
Summary
Unauthorized view fragment access in Jenkins
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content.

Before [SECURITY-534](https://www.jenkins.io/security/advisory/2019-07-17/#SECURITY-534) was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.

In Jenkins 2.335 through 2.355 (both inclusive), the protection added for SECURITY-534 is disabled for some views. As a result, attackers could in very limited cases directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.

As of publication, the Jenkins security team is unaware of any vulnerable view fragment across the Jenkins plugin ecosystem.

Jenkins 2.356 restores the protection for affected views.

No Jenkins LTS release is affected by this issue, as it was not present in Jenkins 2.332.x and was fixed in the 2.346.x line before 2.346.1.
Aliases
0
alias CVE-2022-34175
1
alias GHSA-p3rc-946h-8cf5
Fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.356
Affected_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.335
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.335
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5k7u-6rmq-tyb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.335
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.355
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.355
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1h9x-56rp-j7ch
1
vulnerability VCID-5k7u-6rmq-tyb5
2
vulnerability VCID-gua8-x599-fqad
3
vulnerability VCID-j861-35t6-8qep
4
vulnerability VCID-uwfz-czcp-qyd9
5
vulnerability VCID-vgg4-g95a-gkey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.355
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34175.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34175
reference_id
reference_type
scores
0
value 0.03089
scoring_system epss
scoring_elements 0.86826
published_at 2026-04-29T12:55:00Z
1
value 0.03089
scoring_system epss
scoring_elements 0.86819
published_at 2026-04-24T12:55:00Z
2
value 0.03089
scoring_system epss
scoring_elements 0.86803
published_at 2026-04-21T12:55:00Z
3
value 0.03089
scoring_system epss
scoring_elements 0.86806
published_at 2026-04-18T12:55:00Z
4
value 0.03089
scoring_system epss
scoring_elements 0.86801
published_at 2026-04-16T12:55:00Z
5
value 0.03089
scoring_system epss
scoring_elements 0.86786
published_at 2026-04-13T12:55:00Z
6
value 0.04136
scoring_system epss
scoring_elements 0.88625
published_at 2026-04-04T12:55:00Z
7
value 0.04136
scoring_system epss
scoring_elements 0.88609
published_at 2026-04-02T12:55:00Z
8
value 0.04136
scoring_system epss
scoring_elements 0.88627
published_at 2026-04-07T12:55:00Z
9
value 0.04136
scoring_system epss
scoring_elements 0.88645
published_at 2026-04-08T12:55:00Z
10
value 0.04136
scoring_system epss
scoring_elements 0.8865
published_at 2026-04-09T12:55:00Z
11
value 0.04136
scoring_system epss
scoring_elements 0.88662
published_at 2026-04-11T12:55:00Z
12
value 0.04136
scoring_system epss
scoring_elements 0.88654
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34175
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/37bd66a43ad561f670db7440f493d69518741d27
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/37bd66a43ad561f670db7440f493d69518741d27
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34175
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34175
5
reference_url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119655
reference_id 2119655
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119655
7
reference_url https://github.com/advisories/GHSA-p3rc-946h-8cf5
reference_id GHSA-p3rc-946h-8cf5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3rc-946h-8cf5
Weaknesses
0
cwe_id 693
name Protection Mechanism Failure
description The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
1
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k7u-6rmq-tyb5