VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.165

Next non-vulnerable version	2.172
Latest non-vulnerable version	2.555
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-6wmw-rn4w-vqf5 Aliases: CVE-2019-1003050 GHSA-qpg9-83fv-x9ch	Cross-site Scripting The `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.	2.172 Affected by 0 other vulnerabilities.
VCID-zftt-hmv8-judu Aliases: CVE-2019-1003049 GHSA-742j-jcfr-23w3	Improper Authentication Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.	2.172 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:47.710111+00:00	GHSA Importer	Affected by	VCID-6wmw-rn4w-vqf5	https://github.com/advisories/GHSA-qpg9-83fv-x9ch	38.0.0
2026-04-01T16:00:47.441670+00:00	GHSA Importer	Affected by	VCID-zftt-hmv8-judu	https://github.com/advisories/GHSA-742j-jcfr-23w3	38.0.0