VulnerableCode Package Details - pkg:maven/org.jenkins-ci.plugins/script-security@1189.vb

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.plugins/script-security@1189.vb

purl	pkg:maven/org.jenkins-ci.plugins/script-security@1189.vb

Next non-vulnerable version	1190.v65867a_a_47126
Latest non-vulnerable version	1368.vb
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-892e-957y-4yc8 Aliases: CVE-2022-45379 GHSA-fv42-mx39-6fpw	Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the [SHA-1 hash](https://en.wikipedia.org/wiki/SHA-1) of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867a_a_47126 uses SHA-512 for new whole-script approvals. Previously approved scripts will have their SHA-1 based whole-script approval replaced with a corresponding SHA-512 whole-script approval when the script is next used. Whole-script approval only stores the SHA-1 or SHA-512 hash, so it is not possible to migrate all previously approved scripts automatically on startup. Administrators concerned about SHA-1 collision attacks on the whole-script approval feature are able to revoke all previous (SHA-1) script approvals on the In-Process Script Approval page.	1190.v65867a_a_47126 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:04:01.786430+00:00	GHSA Importer	Affected by	VCID-892e-957y-4yc8	https://github.com/advisories/GHSA-fv42-mx39-6fpw	38.0.0