VulnerableCode Package Details - pkg:maven/org.jenkins-ci.plugins/script-security@1190.v65867a_a

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-892e-957y-4yc8	Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the [SHA-1 hash](https://en.wikipedia.org/wiki/SHA-1) of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867a_a_47126 uses SHA-512 for new whole-script approvals. Previously approved scripts will have their SHA-1 based whole-script approval replaced with a corresponding SHA-512 whole-script approval when the script is next used. Whole-script approval only stores the SHA-1 or SHA-512 hash, so it is not possible to migrate all previously approved scripts automatically on startup. Administrators concerned about SHA-1 collision attacks on the whole-script approval feature are able to revoke all previous (SHA-1) script approvals on the In-Process Script Approval page.	CVE-2022-45379 GHSA-fv42-mx39-6fpw

Vulnerability

Summary

Aliases

VCID-892e-957y-4yc8

Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the [SHA-1 hash](https://en.wikipedia.org/wiki/SHA-1) of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867a_a_47126 uses SHA-512 for new whole-script approvals. Previously approved scripts will have their SHA-1 based whole-script approval replaced with a corresponding SHA-512 whole-script approval when the script is next used. Whole-script approval only stores the SHA-1 or SHA-512 hash, so it is not possible to migrate all previously approved scripts automatically on startup. Administrators concerned about SHA-1 collision attacks on the whole-script approval feature are able to revoke all previous (SHA-1) script approvals on the In-Process Script Approval page.

CVE-2022-45379
GHSA-fv42-mx39-6fpw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:28:18.191192+00:00	GitLab Importer	Fixing	VCID-892e-957y-4yc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2022-45379.yml	38.1.0
2026-04-01T16:04:01.789651+00:00	GHSA Importer	Fixing	VCID-892e-957y-4yc8	https://github.com/advisories/GHSA-fv42-mx39-6fpw	38.0.0
2026-04-01T13:07:14.770334+00:00	GithubOSV Importer	Fixing	VCID-892e-957y-4yc8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-fv42-mx39-6fpw/GHSA-fv42-mx39-6fpw.json	38.0.0