{"url":"http://public2.vulnerablecode.io/api/packages/102494?format=json","purl":"pkg:rpm/redhat/jenkins@2.235.5.1600415514-1?arch=el7","type":"rpm","namespace":"redhat","name":"jenkins","version":"2.235.5.1600415514-1","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54965?format=json","vulnerability_id":"VCID-cgen-qcyh-yqbu","summary":"Jenkins Cross-site Scripting vulnerability in project naming strategy\nJenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.","references":[{"reference_url":"http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2230","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59605","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_ele
ments":"0.59479","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59512","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59519","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59502","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59475","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59443","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59491","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59549","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59507","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59535","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59368","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59465","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59432","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59483","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59496","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59514","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59499","pu
blished_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2230"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db"},{"reference_url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2230","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2230"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/12/4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/12/4"},{"reference_url":"ht
tps://bugzilla.redhat.com/show_bug.cgi?id=1875232","reference_id":"1875232","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875232"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt","reference_id":"CVE-2020-2230","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt"},{"reference_url":"https://github.com/advisories/GHSA-9g4m-ffx6-c29g","reference_id":"GHSA-9g4m-ffx6-c29g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9g4m-ffx6-c29g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3841","reference_id":"RHSA-2020:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4220","reference_id":"RHSA-2020:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4223","reference_id":"RHSA-2020:4223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4223"}],"fixed_packages":[],"aliases":["CVE-2020-2230","GHSA-9g4m-ffx6-c29g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgen-qcyh-yqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57541?format=json","vulnerability_id":"VCID-fy5p-8vcs-zkha","summary":"Jenkins Cross-Site Scripting vulnerability in help icons\nJenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. 
Tooltip values can be contributed by plugins, some of which use user-specified values.\nThis results in a stored cross-site scripting (XSS) vulnerability.\nJenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.","references":[{"reference_url":"http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2229","reference_id":"","reference_type":"","scores":[{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85705","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.8557","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85571","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85603","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85604","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85621","published_at":"2026-05-05T
12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85644","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85662","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85656","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85669","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85476","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85504","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85538","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.8555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02572","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2229"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916","reference_id":"","reference_type":"","score
s":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916"},{"reference_url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2229","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2229"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/12/4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/12/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874830","reference_id":"1874830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874830"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt","reference_id":"CVE-2020-2229","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt"},{"reference_url":"https://github.com/advisories/GHSA-hvmc-7g2x-r3p9","reference_id":"GHSA-hvmc-7g2x-r3p9","reference_type":"","scores":
[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hvmc-7g2x-r3p9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3841","reference_id":"RHSA-2020:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4220","reference_id":"RHSA-2020:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4223","reference_id":"RHSA-2020:4223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4223"}],"fixed_packages":[],"aliases":["CVE-2020-2229","GHSA-hvmc-7g2x-r3p9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fy5p-8vcs-zkha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55921?format=json","vulnerability_id":"VCID-he3v-ysf3-zkb8","summary":"Stored XSS vulnerability in Jenkins console links\nJenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. 
This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.\n\nJenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2223.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2223","reference_id":"","reference_type":"","scores":[{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66676","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.6648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66515","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66533","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66542","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66558","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66559","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66577","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66621","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66594","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66614","published_at":"2026-05-12T12:55:00Z"},{"value":"
0.00513","scoring_system":"epss","scoring_elements":"0.66405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66444","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66442","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.6649","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66524","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66511","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2223"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c"},{"reference_url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","sc
oring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2223","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2223"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/15/5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/15/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857433","reference_id":"1857433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857433"},{"reference_url":"https://github.com/advisories/GHSA-gfhj-524q-gcrm","reference_id":"GHSA-gfhj-524q-gcrm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfhj-524q-gcrm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3519","reference_id":"RHSA-2020:3519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3541","reference_id":"RHSA-2020:3541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"}],"fixed_packages":[],"aliases":["CVE-2020-2223","GHSA-gfhj-524q-gcrm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://
public2.vulnerablecode.io/vulnerabilities/VCID-he3v-ysf3-zkb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55008?format=json","vulnerability_id":"VCID-kusb-1k76-a3ck","summary":"Stored XSS vulnerability in Jenkins job build time trend\nJenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.\n\nJenkins 2.245, LTS 2.235.2 escapes the agent name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2220.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2220","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61997","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61913","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61918","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61897","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61915","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61852","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61899","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elemen
ts":"0.61961","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61914","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61942","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61742","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61865","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61881","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6189","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2220"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b43531acee280dedc3ea454a2fc5a1a42990ddda","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b43531acee280dedc3ea454a2fc5a1a42990ddda"},{"reference_url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868","reference_id":"","reference_type":"",
"scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2220","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2220"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/15/5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/15/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857425","reference_id":"1857425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857425"},{"reference_url":"https://github.com/advisories/GHSA-qgj4-rc8m-44mq","reference_id":"GHSA-qgj4-rc8m-44mq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgj4-rc8m-44mq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3519","reference_id":"RHSA-2020:3519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3541","reference_id":"RHSA-2020:3541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHS
A-2020:3808"}],"fixed_packages":[],"aliases":["CVE-2020-2220","GHSA-qgj4-rc8m-44mq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kusb-1k76-a3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57760?format=json","vulnerability_id":"VCID-nqxw-x7ea-aqew","summary":"Stored XSS vulnerability in Jenkins upstream cause\nJenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.\n\nJenkins 2.245, LTS 2.235.2 escapes the job display name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2221.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2221","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67111","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.6697","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66966","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66988","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66999","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66971","published_at":"20
26-05-05T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67014","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67052","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67025","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67048","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66863","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.669","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66949","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66982","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.66936","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2221"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f6e575381bdba85afaf27c529d7298091f226e49","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H
/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f6e575381bdba85afaf27c529d7298091f226e49"},{"reference_url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2221","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2221"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/15/5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/15/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857427","reference_id":"1857427","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857427"},{"reference_url":"https://github.com/advisories/GHSA-g4j6-m3m3-crw8","reference_id":"GHSA-g4j6-m3m3-crw8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4j6-m3m3-crw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3519","reference_id":"RHSA-2020:3519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3
541","reference_id":"RHSA-2020:3541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"}],"fixed_packages":[],"aliases":["CVE-2020-2221","GHSA-g4j6-m3m3-crw8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqxw-x7ea-aqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59111?format=json","vulnerability_id":"VCID-re1r-xjv4-sqd3","summary":"Improper Neutralization of Input During Web Page Generation in Jenkins\nJenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication 
Token.","references":[{"reference_url":"http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2231","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64843","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64716","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64728","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64705","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64752","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64797","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64768","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64789"
,"published_at":"2026-05-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64581","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64634","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64663","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6462","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64697","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64709","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2231"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a"},{"reference_url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"
value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2231","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2231"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/12/4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/12/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875234","reference_id":"1875234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875234"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt","reference_id":"CVE-2020-2231","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt"},{"reference_url":"https://github.com/advisories/GHSA-jpvq-v729-7j2h","reference_id":"GHSA-jpvq-v729-7j2h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jpvq-v729-7j2h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3841","reference_id":"RHSA-2020:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3841"},{"
reference_url":"https://access.redhat.com/errata/RHSA-2020:4220","reference_id":"RHSA-2020:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4223","reference_id":"RHSA-2020:4223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4223"}],"fixed_packages":[],"aliases":["CVE-2020-2231","GHSA-jpvq-v729-7j2h"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-re1r-xjv4-sqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33370?format=json","vulnerability_id":"VCID-sw3q-jzqx-dkbn","summary":"Operation on a Resource after Expiration or Release in Jetty Server\nIn Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. 
This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17638.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17638","reference_id":"","reference_type":"","scores":[{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96786","published_at":"2026-05-14T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96778","published_at":"2026-05-12T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96773","published_at":"2026-05-11T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96771","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96765","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96762","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96753","published_at":"2026-04-29T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.9675","published_at":"2026-04-26T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96748","published_at":"2026-04-24T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96749","published_at":"2026-04-21T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96746","published_at":"2026-04-18T12:55:00Z"},{"v
alue":"0.30928","scoring_system":"epss","scoring_elements":"0.96742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.9673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96721","published_at":"2026-04-07T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.30928","scoring_system":"epss","scoring_elements":"0.96705","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17638"},{"reference_url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638"},{"reference_url":"https://github.com/eclipse/jetty.project/commit/ff8ae56fa939c3477a0cdd1ff56ce3d902f08fba","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project/commit/ff8ae56fa939c3477a0cdd1ff56ce3d902f08fba"},{"reference_url":"https://github.com
/eclipse/jetty.project/issues/4936","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project/issues/4936"},{"reference_url":"https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0
e028@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.
apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908
ce7624d26@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17638","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17638"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-575561","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:
H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-575561"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/17/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1864680","reference_id":"1864680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1864680"},{"reference_url":"https://github.com/advisories/GHSA-x3rh-m7vp-35f2","reference_id":"GHSA-x3rh-m7vp-35f2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3rh-m7vp-35f2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","reference_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3841","refe
rence_id":"RHSA-2020:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4220","reference_id":"RHSA-2020:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4223","reference_id":"RHSA-2020:4223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"}],"fixed_packages":[],"aliases":["CVE-2019-17638","GHSA-x3rh-m7vp-35f2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw3q-jzqx-dkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54855?format=json","vulnerability_id":"VCID-v5aw-ffxe-ckdv","summary":"Stored XSS vulnerability in Jenkins 'keep forever' badge icon\nJenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. 
This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.\n\nAs job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations.\n\nJenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2222","reference_id":"","reference_type":"","scores":[{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66984","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66852","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66835","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6686","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66873","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6687","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6684","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66883","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66924","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66
897","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6692","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66731","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.6677","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66831","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66837","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66805","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-2222"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5"},{"reference_url":"h
ttps://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2222","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2222"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/15/5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/15/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857431","reference_id":"1857431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857431"},{"reference_url":"https://github.com/advisories/GHSA-864v-5q2g-fr64","reference_id":"GHSA-864v-5q2g-fr64","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-864v-5q2g-fr64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3519","reference_id":"RHSA-2020:3519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3541","reference_id":"RHSA-2020:3541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3808","refer
ence_id":"RHSA-2020:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3808"}],"fixed_packages":[],"aliases":["CVE-2020-2222","GHSA-864v-5q2g-fr64"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5aw-ffxe-ckdv"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.235.5.1600415514-1%3Farch=el7"}