Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1?arch=el6op
purl pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1?arch=el6op
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-88ku-rdqg-nfdm
Aliases:
CVE-2015-1806
GHSA-mm9c-4cv4-7rfv
Jenkins allows for Privilege Escalation by Remote Authenticated Users The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. There are no reported fixed by versions.
VCID-9bjm-e9zm-dqck
Aliases:
CVE-2015-1814
GHSA-3269-jqp5-v8c9
Jenkins allows for Privilege Escalation by Remote Authenticated Users The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. There are no reported fixed by versions.
VCID-d967-j6gn-j7cq
Aliases:
CVE-2015-1812
GHSA-w5v7-q2j4-fvpf
Jenkins Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. There are no reported fixed by versions.
VCID-dmb6-hwan-nqfn
Aliases:
CVE-2015-1811
GHSA-qg7x-4h4q-3m49
XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. There are no reported fixed by versions.
VCID-q7xy-2e9v-uka8
Aliases:
CVE-2015-1807
jenkins: directory traversal from artifacts via symlink (SECURITY-162) There are no reported fixed by versions.
VCID-tryk-6hhf-8ufh
Aliases:
CVE-2015-1809
GHSA-qj27-w92h-fc9r
XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. There are no reported fixed by versions.
VCID-wu44-bxb4-2uf1
Aliases:
CVE-2015-1813
GHSA-9h85-v6xf-h26q
Jenkins allows Cross-Site Scripting (XSS) Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. There are no reported fixed by versions.
VCID-z2s1-ncs9-vfet
Aliases:
CVE-2015-1810
GHSA-37wm-28rm-56vw
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. There are no reported fixed by versions.
VCID-zz2q-h9gc-p7h4
Aliases:
CVE-2015-1808
GHSA-3rwx-3vwh-mwxc
Jenkins Vulnerable to Denial of Service (DoS) Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:43:08.891233+00:00 RedHat Importer Affected by VCID-dmb6-hwan-nqfn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json 38.0.0
2026-04-01T14:43:07.728156+00:00 RedHat Importer Affected by VCID-z2s1-ncs9-vfet https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json 38.0.0
2026-04-01T14:43:06.766934+00:00 RedHat Importer Affected by VCID-tryk-6hhf-8ufh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json 38.0.0
2026-04-01T14:43:05.550381+00:00 RedHat Importer Affected by VCID-zz2q-h9gc-p7h4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json 38.0.0
2026-04-01T14:43:03.596853+00:00 RedHat Importer Affected by VCID-q7xy-2e9v-uka8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json 38.0.0
2026-04-01T14:43:01.855730+00:00 RedHat Importer Affected by VCID-88ku-rdqg-nfdm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json 38.0.0
2026-04-01T14:42:34.200002+00:00 RedHat Importer Affected by VCID-9bjm-e9zm-dqck https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json 38.0.0
2026-04-01T14:42:32.302014+00:00 RedHat Importer Affected by VCID-wu44-bxb4-2uf1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json 38.0.0
2026-04-01T14:42:30.367646+00:00 RedHat Importer Affected by VCID-d967-j6gn-j7cq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json 38.0.0