Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1?arch=el7
purl pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-5tfj-bm2b-ffhm
Aliases:
CVE-2016-3727
GHSA-6cr3-cm5h-8q96
Jenkins Exposes Sensitive Information via API URL The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. There are no reported fixed by versions.
VCID-8y2p-df9x-a7cp
Aliases:
CVE-2016-3722
GHSA-3857-xm38-jmq2
Permissions, Privileges, and Access Controls Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name". There are no reported fixed by versions.
VCID-b69p-t71y-hbhd
Aliases:
CVE-2016-3726
GHSA-rx4r-gxpc-h85x
Jenkins affected by Open Redirect Vulnerability Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. There are no reported fixed by versions.
VCID-jaty-3r2s-pqc2
Aliases:
CVE-2016-3721
GHSA-qf2h-h3xq-j93j
Jenkins allows Remote Users to Inject Build Parameters Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. There are no reported fixed by versions.
VCID-kt3k-9uyt-13d1
Aliases:
CVE-2016-3724
GHSA-7vvj-qqvj-h8mc
Jenkins Exposes Sensitive Information from Job Configuration Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. There are no reported fixed by versions.
VCID-puux-2z74-3yea
Aliases:
CVE-2016-3723
GHSA-8572-5jrg-mx52
Information Exposure Jenkins allows remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. There are no reported fixed by versions.
VCID-yvec-gpmh-73hq
Aliases:
CVE-2016-3725
GHSA-59fm-6x3q-q3q5
Permissions, Privileges, and Access Controls Jenkins allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permission check. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:36:36.408018+00:00 RedHat Importer Affected by VCID-5tfj-bm2b-ffhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3727.json 38.0.0
2026-04-01T14:36:36.026688+00:00 RedHat Importer Affected by VCID-b69p-t71y-hbhd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3726.json 38.0.0
2026-04-01T14:36:35.624966+00:00 RedHat Importer Affected by VCID-yvec-gpmh-73hq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3725.json 38.0.0
2026-04-01T14:36:35.213704+00:00 RedHat Importer Affected by VCID-kt3k-9uyt-13d1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3724.json 38.0.0
2026-04-01T14:36:34.797359+00:00 RedHat Importer Affected by VCID-puux-2z74-3yea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3723.json 38.0.0
2026-04-01T14:36:34.401037+00:00 RedHat Importer Affected by VCID-8y2p-df9x-a7cp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3722.json 38.0.0
2026-04-01T14:36:33.982064+00:00 RedHat Importer Affected by VCID-jaty-3r2s-pqc2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3721.json 38.0.0