VulnerableCode Package Details - pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-6wmw-rn4w-vqf5 Aliases: CVE-2019-1003050 GHSA-qpg9-83fv-x9ch	Cross-site Scripting The `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.	There are no reported fixed by versions.
VCID-ftky-shfy-bufk Aliases: CVE-2019-10328 GHSA-v558-fhw2-v46w	Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.	There are no reported fixed by versions.
VCID-s5qz-aqj7-6uhz Aliases: CVE-2019-10320 GHSA-xm94-9jw8-p6hw	File and Directory Information Exposure Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.	There are no reported fixed by versions.
VCID-zftt-hmv8-judu Aliases: CVE-2019-1003049 GHSA-742j-jcfr-23w3	Improper Authentication Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6wmw-rn4w-vqf5
Aliases:
CVE-2019-1003050
GHSA-qpg9-83fv-x9ch

Cross-site Scripting The `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.

There are no reported fixed by versions.

VCID-ftky-shfy-bufk
Aliases:
CVE-2019-10328
GHSA-v558-fhw2-v46w

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

There are no reported fixed by versions.

VCID-s5qz-aqj7-6uhz
Aliases:
CVE-2019-10320
GHSA-xm94-9jw8-p6hw

File and Directory Information Exposure Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

There are no reported fixed by versions.

VCID-zftt-hmv8-judu
Aliases:
CVE-2019-1003049
GHSA-742j-jcfr-23w3

Improper Authentication Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:16.473289+00:00	RedHat Importer	Affected by	VCID-zftt-hmv8-judu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003049.json	38.0.0
2026-04-01T14:20:16.208172+00:00	RedHat Importer	Affected by	VCID-6wmw-rn4w-vqf5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003050.json	38.0.0
2026-04-01T14:19:12.242415+00:00	RedHat Importer	Affected by	VCID-s5qz-aqj7-6uhz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10320.json	38.0.0
2026-04-01T14:19:07.478915+00:00	RedHat Importer	Affected by	VCID-ftky-shfy-bufk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json	38.0.0