{"url":"http://public2.vulnerablecode.io/api/packages/101112?format=json","purl":"pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2?arch=el7","type":"rpm","namespace":"redhat","name":"openshift-ansible","version":"4.5.0-202102031005.p0.git.0.c6839a2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54548?format=json","vulnerability_id":"VCID-25cp-rjk4-gfdb","summary":"XSS vulnerability in Jenkins notification bar\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents (typically shown after form submissions via Apply button).\n\nThis results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents.\n\nJenkins 2.275, LTS 2.263.2 escapes the content shown in notification bars.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21603.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21603","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54816","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54887","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54913","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54932","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54931","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54925","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21603"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f5d98421604e44f398e7de9d222b191a705608af","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f5d98421604e44f398e7de9d222b191a705608af"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21603","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21603"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925160","reference_id":"1925160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925160"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-98gq-6hxg-52r6","reference_id":"GHSA-98gq-6hxg-52r6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98gq-6hxg-52r6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21603","GHSA-98gq-6hxg-52r6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25cp-rjk4-gfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58806?format=json","vulnerability_id":"VCID-25jg-8vxe-1feu","summary":"Missing permission check for paths with specific prefix in Jenkins\nJenkins includes a static list of URLs that are always accessible even without Overall/Read permission, such as the login form. These URLs are excluded from an otherwise universal permission check.\n\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly compare requested URLs with that list.\n\nThis allows attackers without Overall/Read permission to access plugin-provided URLs with any of the following prefixes if no other permissions are required:\n- `accessDenied`\n- `error`\n- `instance-identity`\n- `login`\n- `logout`\n- `oops`\n- `securityRealm`\n- `signup`\n- `tcpSlaveAgentListener`\n\nFor example, a plugin contributing the path `loginFoo/` would have URLs in that space accessible without the default Overall/Read permission check.\n\nThe Jenkins security team is not aware of any affected plugins as of the publication of this advisory.\n\nThe comparison of requested URLs with the list of always accessible URLs has been fixed to only allow access to the specific listed URLs in Jenkins 2.275, LTS 2.263.2.\n\nIn case this change causes problems, additional paths can be made accessible without Overall/Read permissions: The [Java system property](https://www.jenkins.io/doc/book/managing/system-properties/) `jenkins.model.Jenkins.additionalReadablePaths` is a comma-separated list of additional path prefixes to allow access to.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21609.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21609.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21609","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35441","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3532","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35426","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35496","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35463","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21609"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/fe9091fc74d55a56fd36544f3038d47c8cb331a4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/fe9091fc74d55a56fd36544f3038d47c8cb331a4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21609","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21609"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925141","reference_id":"1925141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925141"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-4625-q52w-39cx","reference_id":"GHSA-4625-q52w-39cx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4625-q52w-39cx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21609","GHSA-4625-q52w-39cx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25jg-8vxe-1feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54688?format=json","vulnerability_id":"VCID-3y23-krs1-yudh","summary":"Excessive memory allocation in graph URLs leads to denial of service in Jenkins\nJenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics.\n\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit the graph size provided as query parameters.\n\nThis allows attackers to request or to have legitimate Jenkins users request crafted URLs that rapidly use all available memory in Jenkins, potentially leading to out of memory errors.\n\nJenkins 2.275, LTS 2.263.2 limits the maximum size of graphs to an area of 10 million pixels. If a larger size is requested, the default size for the graph will be rendered instead.\n\nThis threshold can be configured by setting the [Java system property](https://www.jenkins.io/doc/book/managing/system-properties/) `hudson.util.Graph.maxArea` to a different number on startup.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21607.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21607","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56081","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56121","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.55943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21607"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a890d68699ad6ca0c8fbc297a1d4b7ebf23f384b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a890d68699ad6ca0c8fbc297a1d4b7ebf23f384b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21607","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21607"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925156","reference_id":"1925156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925156"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-cxqw-vjcr-gp5g","reference_id":"GHSA-cxqw-vjcr-gp5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxqw-vjcr-gp5g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21607","GHSA-cxqw-vjcr-gp5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3y23-krs1-yudh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57815?format=json","vulnerability_id":"VCID-3ynh-xzxn-jkgy","summary":"Arbitrary file read vulnerability in workspace browsers in Jenkins\nThe file browser for workspaces, archived artifacts, and `$JENKINS_HOME/userContent/` follows symbolic links to locations outside the directory being browsed in Jenkins 2.274 and earlier, LTS 2.263.1 and earlier.\n\nThis allows attackers with Job/Workspace permission and the ability to control workspace contents (e.g., with Job/Configure permission or the ability to change SCM contents) to create symbolic links that allow them to access files outside workspaces using the workspace browser.\n\nThis issue is caused by an incomplete fix for SECURITY-904 / CVE-2018-1000862 in the [2018-12-08 security advisory](https://www.jenkins.io/security/advisory/2018-12-05/#SECURITY-904).\n\nJenkins 2.275, LTS 2.263.2 no longer supports symlinks in workspace browsers. While they may still exist on the file system, they are no longer shown on the UI, accessible via URLs, or included in directory content downloads.\n\nThis fix only changes the behavior of the Jenkins UI. Archiving artifacts still behaves as before.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21602.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21602","reference_id":"","reference_type":"","scores":[{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80322","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80329","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80349","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80395","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.8038","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21602"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/71d2ecf1a4e5303e80815eaa3935c4f2fa3d9104","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/71d2ecf1a4e5303e80815eaa3935c4f2fa3d9104"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21602","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21602"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925161","reference_id":"1925161","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925161"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-vpjm-58cw-r8q5","reference_id":"GHSA-vpjm-58cw-r8q5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpjm-58cw-r8q5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21602","GHSA-vpjm-58cw-r8q5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ynh-xzxn-jkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54546?format=json","vulnerability_id":"VCID-4y3h-rxbk-cua1","summary":"Arbitrary file existence check in file fingerprints in Jenkins\nJenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provides a REST API to check where a given fingerprint was used by which builds. This endpoint does not fully validate that the provided fingerprint ID is properly formatted before checking for the XML metadata for that fingerprint on the controller file system.\n\nThis allows attackers with Overall/Read permission to check for the existence of XML files on the controller file system where the relative path can be constructed as 32 characters.\n\nJenkins 2.275, LTS 2.263.2 validates that a fingerprint ID is properly formatted before checking for its existence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21606.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21606","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46345","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46286","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46294","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46346","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46326","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4635","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21606"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f576b2eb4375f2bb076ce477cee27a946b65f22a","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f576b2eb4375f2bb076ce477cee27a946b65f22a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21606","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21606"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925159","reference_id":"1925159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925159"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-f585-9fw3-rj2m","reference_id":"GHSA-f585-9fw3-rj2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f585-9fw3-rj2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21606","GHSA-f585-9fw3-rj2m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y3h-rxbk-cua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32534?format=json","vulnerability_id":"VCID-53z5-f3xj-z7bf","summary":"Sensitive Data Exposure in Apache Ant\nApache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04955","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05432","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05501","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05467","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1945"},{"reference_url":"https://security.gentoo.org/glsa/202007-34","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202007-34"},{"reference_url":"https://usn.ubuntu.com/4380-1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4380-1"},{"reference_url":"https://usn.ubuntu.com/4380-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4380-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/09/30/6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/09/30/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/06/1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/06/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444","reference_id":"1837444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630","reference_id":"960630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630"},{"reference_url":"https://security.archlinux.org/ASA-202005-15","reference_id":"ASA-202005-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-15"},{"reference_url":"https://security.archlinux.org/AVG-1159","reference_id":"AVG-1159","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1159"},{"reference_url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9","reference_id":"GHSA-4p6w-m9wc-c9c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p6w-m9wc-c9c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2618","reference_id":"RHSA-2020:2618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4960","reference_id":"RHSA-2020:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4961","reference_id":"RHSA-2020:4961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"},{"reference_url":"https://usn.ubuntu.com/USN-4874-1/","reference_id":"USN-USN-4874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4874-1/"}],"fixed_packages":[],"aliases":["CVE-2020-1945","GHSA-4p6w-m9wc-c9c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54506?format=json","vulnerability_id":"VCID-5yuh-2e55-hfbt","summary":"Stored XSS vulnerability in Jenkins on new item page\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.\n\nAs of the publication of this advisory, the Jenkins security team is not aware of any plugins published via the Jenkins project update center that allow doing this.\nJenkins 2.275, LTS 2.263.2 escapes display names and IDs of item types shown on the New Item page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21611.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21611","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54816","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54887","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54913","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54932","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54931","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54925","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21611"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21611","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21611"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925145","reference_id":"1925145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925145"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-mj7q-cmf3-mg7h","reference_id":"GHSA-mj7q-cmf3-mg7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj7q-cmf3-mg7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21611","GHSA-mj7q-cmf3-mg7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yuh-2e55-hfbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55024?format=json","vulnerability_id":"VCID-6rk7-hffm-nbau","summary":"Reflected XSS vulnerability in Jenkins markup formatter preview\nJenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered.\n\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering the formatted preview of markup passed as a query parameter. This results in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup, like [Anything Goes Formatter Plugin](https://plugins.jenkins.io/anything-goes-formatter/).\n\nJenkins 2.275, LTS 2.263.2 requires that preview URLs are accessed using POST and sets Content-Security-Policy headers that prevent execution of unsafe elements when the URL is accessed directly.\n\nIn case of problems with this change, these protections can be disabled by setting the [Java system properties](https://www.jenkins.io/doc/book/managing/system-properties/) `hudson.markup.MarkupFormatter.previewsAllowGET` to `true` and/or `hudson.markup.MarkupFormatter.previewsSetCSP` to `false`. Doing either is discouraged.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21610.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21610","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55519","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55631","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55655","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55685","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55677","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21610"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/89ec0c40b68cd1e4e9f9ef5ebcafd87e7fa16589","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/89ec0c40b68cd1e4e9f9ef5ebcafd87e7fa16589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21610","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21610"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2153","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2153"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925151","reference_id":"1925151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925151"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-7qf3-c2q8-69m3","reference_id":"GHSA-7qf3-c2q8-69m3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7qf3-c2q8-69m3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21610","GHSA-7qf3-c2q8-69m3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rk7-hffm-nbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55918?format=json","vulnerability_id":"VCID-9zky-rdj1-pudy","summary":"Stored XSS vulnerability in Jenkins button labels\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI.\n\nThis results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the Pipeline `input` step.\n\nJenkins 2.275, LTS 2.263.2 escapes button labels in the Jenkins UI.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21608.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21608","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67531","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67589","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67619","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67632","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67641","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21608"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21608","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21608"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925140","reference_id":"1925140","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925140"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-wv63-gwr9-5c55","reference_id":"GHSA-wv63-gwr9-5c55","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv63-gwr9-5c55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21608","GHSA-wv63-gwr9-5c55"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zky-rdj1-pudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55091?format=json","vulnerability_id":"VCID-db62-2h4q-x7fv","summary":"Improper handling of REST API XML deserialization errors in Jenkins\nJenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards the old data, some erroneous data submitted to these endpoints may be persisted.\n\nThis allows attackers with View/Create, Job/Create, Agent/Create, or their respective */Configure permissions to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects when discarded by an administrator.\\n\\nJenkins 2.275, LTS 2.263.2 does not record submissions from users in Old Data Monitor anymore.\n\nIn case of problems, the [Java system properties](https://www.jenkins.io/doc/book/managing/system-properties/) `hudson.util.RobustReflectionConverter.recordFailuresForAdmins` and `hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications` can be set to true to record configuration data submissions from administrators or all users, partially or completely disabling this fix.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21604.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21604","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74579","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.7461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74653","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74633","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21604"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f1056bd814fc1f19ea241a101d649b8c143807e7","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f1056bd814fc1f19ea241a101d649b8c143807e7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21604","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21604"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925157","reference_id":"1925157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925157"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-qv6f-rcv6-6q3x","reference_id":"GHSA-qv6f-rcv6-6q3x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qv6f-rcv6-6q3x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21604","GHSA-qv6f-rcv6-6q3x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db62-2h4q-x7fv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55622?format=json","vulnerability_id":"VCID-evt5-t9pq-n7a7","summary":"Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins\nDue to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and `$JENKINS_HOME/userContent/` follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2.\n\nThis allows attackers with Job/Workspace permission and the ability to control workspace contents, e.g., with Job/Configure permission or the ability to change SCM contents, to create symbolic links that allow them to access files outside workspaces using the workspace browser.\n\nThis issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the [2021-01-13 security advisory](https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452).\n\nJenkins 2.276, LTS 2.263.3 no longer differentiates the check and the use of symlinks in workspace browsers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21615.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21615","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63025","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63022","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62961","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62954","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21615"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21615","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21615"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/01/26/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/01/26/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921322","reference_id":"1921322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921322"},{"reference_url":"https://security.archlinux.org/AVG-1491","reference_id":"AVG-1491","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1491"},{"reference_url":"https://github.com/advisories/GHSA-qxp6-27gw-99cj","reference_id":"GHSA-qxp6-27gw-99cj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxp6-27gw-99cj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21615","GHSA-qxp6-27gw-99cj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evt5-t9pq-n7a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55078?format=json","vulnerability_id":"VCID-rrnb-9h1s-vkef","summary":"Path traversal vulnerability in Jenkins agent names\nJenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated `config.xml` files. If the global `config.xml` file is replaced, Jenkins will start up with unsafe legacy defaults after a restart.\n\nJenkins 2.275, LTS 2.263.2 ensures that agent names are considered valid names for items to prevent this problem.\n\nIn case of problems, this change can be reverted by setting the [Java system property](https://www.jenkins.io/doc/book/managing/system-properties/) `jenkins.model.Nodes.enforceNameRestrictions` to `false`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21605.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21605","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63128","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63217","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63234","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63254","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21605"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b19b34db4b24b163d4edc53ccb84f41a3589cb08","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b19b34db4b24b163d4edc53ccb84f41a3589cb08"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21605","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21605"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925143","reference_id":"1925143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925143"},{"reference_url":"https://security.archlinux.org/ASA-202101-41","reference_id":"ASA-202101-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-41"},{"reference_url":"https://security.archlinux.org/AVG-1446","reference_id":"AVG-1446","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1446"},{"reference_url":"https://github.com/advisories/GHSA-pxgq-gqr9-5gwx","reference_id":"GHSA-pxgq-gqr9-5gwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pxgq-gqr9-5gwx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2021-21605","GHSA-pxgq-gqr9-5gwx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrnb-9h1s-vkef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37476?format=json","vulnerability_id":"VCID-unby-h128-v3bk","summary":"Code injection in Apache Ant\nAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78186","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/ant","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant"},{"reference_url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428"},{"reference_url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"},{"reference_url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11979"},{"reference_url":"https://security.gentoo.org/glsa/202011-18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202011-18"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702","reference_id":"1903702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612","reference_id":"971612","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612"},{"reference_url":"https://security.archlinux.org/ASA-202012-5","reference_id":"ASA-202012-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-5"},{"reference_url":"https://security.archlinux.org/AVG-1312","reference_id":"AVG-1312","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1312"},{"reference_url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68","reference_id":"GHSA-f62v-xpxf-3v68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f62v-xpxf-3v68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0423","reference_id":"RHSA-2021:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0429","reference_id":"RHSA-2021:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0429"}],"fixed_packages":[],"aliases":["CVE-2020-11979","GHSA-f62v-xpxf-3v68","GHSA-j45w-qrgf-25vm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2%3Farch=el7"}