Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:alpm/archlinux/jenkins@2.171-1
purl pkg:alpm/archlinux/jenkins@2.171-1
Next non-vulnerable version 2.172-1
Latest non-vulnerable version 2.319-1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-6wmw-rn4w-vqf5
Aliases:
CVE-2019-1003050
GHSA-qpg9-83fv-x9ch
Cross-site Scripting The `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
2.172-1
Affected by 0 other vulnerabilities.
VCID-zftt-hmv8-judu
Aliases:
CVE-2019-1003049
GHSA-742j-jcfr-23w3
Improper Authentication Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
2.172-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-06T05:35:35.319358+00:00 Arch Linux Importer Affected by VCID-zftt-hmv8-judu https://security.archlinux.org/AVG-948 38.1.0
2026-04-06T05:35:35.296646+00:00 Arch Linux Importer Affected by VCID-6wmw-rn4w-vqf5 https://security.archlinux.org/AVG-948 38.1.0
2026-04-01T18:27:02.453921+00:00 Arch Linux Importer Affected by VCID-zftt-hmv8-judu https://security.archlinux.org/AVG-948 38.0.0
2026-04-01T18:27:02.428417+00:00 Arch Linux Importer Affected by VCID-6wmw-rn4w-vqf5 https://security.archlinux.org/AVG-948 38.0.0