Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sanw-xj8r-1kbb
Summary
Information Exposure
The re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed.
Aliases
0
alias CVE-2017-1000362
1
alias GHSA-92mr-4w2q-4578
Fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.625
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.625
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-2zwg-a71p-r7hs
2
vulnerability VCID-6cw8-67c2-1ugk
3
vulnerability VCID-8u35-jee9-5qes
4
vulnerability VCID-fndu-scdw-jueh
5
vulnerability VCID-h23h-s8t3-byhr
6
vulnerability VCID-hgy1-h6aj-dbbu
7
vulnerability VCID-kbj2-ymsz-5qe8
8
vulnerability VCID-kzfk-8p92-3bgs
9
vulnerability VCID-q58h-d9w2-8yez
10
vulnerability VCID-rhrm-caa2-9kae
11
vulnerability VCID-v2ky-wpb2-6qhk
12
vulnerability VCID-wb3y-k94s-eyb4
13
vulnerability VCID-yw8v-fqar-z7b5
14
vulnerability VCID-zb9r-zjt8-wqae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2
2
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wb3y-k94s-eyb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
Affected_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.498
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.498
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sanw-xj8r-1kbb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.498
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-6cw8-67c2-1ugk
2
vulnerability VCID-8u35-jee9-5qes
3
vulnerability VCID-fndu-scdw-jueh
4
vulnerability VCID-kbj2-ymsz-5qe8
5
vulnerability VCID-kzfk-8p92-3bgs
6
vulnerability VCID-q58h-d9w2-8yez
7
vulnerability VCID-rhrm-caa2-9kae
8
vulnerability VCID-sanw-xj8r-1kbb
9
vulnerability VCID-v2ky-wpb2-6qhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1
2
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.40
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sanw-xj8r-1kbb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.40
3
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.43
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnc-b5tg-3fhe
1
vulnerability VCID-6cw8-67c2-1ugk
2
vulnerability VCID-8u35-jee9-5qes
3
vulnerability VCID-fndu-scdw-jueh
4
vulnerability VCID-kbj2-ymsz-5qe8
5
vulnerability VCID-kzfk-8p92-3bgs
6
vulnerability VCID-q58h-d9w2-8yez
7
vulnerability VCID-rhrm-caa2-9kae
8
vulnerability VCID-sanw-xj8r-1kbb
9
vulnerability VCID-v2ky-wpb2-6qhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.43
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000362
reference_id
reference_type
scores
0
value 0.01234
scoring_system epss
scoring_elements 0.79259
published_at 2026-04-26T12:55:00Z
1
value 0.01234
scoring_system epss
scoring_elements 0.79145
published_at 2026-04-01T12:55:00Z
2
value 0.01234
scoring_system epss
scoring_elements 0.79151
published_at 2026-04-02T12:55:00Z
3
value 0.01234
scoring_system epss
scoring_elements 0.79176
published_at 2026-04-04T12:55:00Z
4
value 0.01234
scoring_system epss
scoring_elements 0.79162
published_at 2026-04-07T12:55:00Z
5
value 0.01234
scoring_system epss
scoring_elements 0.79187
published_at 2026-04-08T12:55:00Z
6
value 0.01234
scoring_system epss
scoring_elements 0.79195
published_at 2026-04-13T12:55:00Z
7
value 0.01234
scoring_system epss
scoring_elements 0.79219
published_at 2026-04-21T12:55:00Z
8
value 0.01234
scoring_system epss
scoring_elements 0.79204
published_at 2026-04-12T12:55:00Z
9
value 0.01234
scoring_system epss
scoring_elements 0.79221
published_at 2026-04-16T12:55:00Z
10
value 0.01234
scoring_system epss
scoring_elements 0.79218
published_at 2026-04-18T12:55:00Z
11
value 0.01234
scoring_system epss
scoring_elements 0.79253
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000362
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85
4
reference_url https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458
5
reference_url https://jenkins.io/security/advisory/2017-02-01
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2017-02-01
6
reference_url https://jenkins.io/security/advisory/2017-02-01/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-02-01/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418716
reference_id 1418716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418716
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000362
reference_id CVE-2017-1000362
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000362
9
reference_url https://github.com/advisories/GHSA-92mr-4w2q-4578
reference_id GHSA-92mr-4w2q-4578
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92mr-4w2q-4578
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sanw-xj8r-1kbb