VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.554

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.554

purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.554

Next non-vulnerable version	2.555
Latest non-vulnerable version	2.555
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-22rc-z7ra-dfh8 Aliases: CVE-2026-33001 GHSA-r6qv-frpc-q66c	Jenkins has a link following vulnerability allows arbitrary file creation Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running Jenkins. This can be exploited to deploy malicious scripts or plugins on the controller by attackers with Item/Configure permission, or able to control agent processes.	2.555 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T17:01:13.785096+00:00	GHSA Importer	Affected by	VCID-22rc-z7ra-dfh8	https://github.com/advisories/GHSA-r6qv-frpc-q66c	38.1.0