{"url":"http://public2.vulnerablecode.io/api/packages/106849?format=json","purl":"pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.82-1.git.1063.48444e8?arch=el7","type":"rpm","namespace":"redhat","name":"golang-github-prometheus-node_exporter","version":"3.11.82-1.git.1063.48444e8","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30805?format=json","vulnerability_id":"VCID-1s7q-drqn-4bhd","summary":"Withdrawn Advisory: Prometheus XSS Vulnerability\n## Withdrawn Advisory\nThis advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references.\n\n## Original Description\nA stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary 
scripts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3826.json"},{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2019-4297","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisory.checkmarx.net/advisory/CX-2019-4297"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3826","reference_id":"","reference_type":"","scores":[{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80926","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.8092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80895","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80858","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01462"
,"scoring_system":"epss","scoring_elements":"0.80864","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80855","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80801","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80899","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.80897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01685","scoring_system":"epss","scoring_elements":"0.82299","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01685","scoring_system":"epss","scoring_elements":"0.82282","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826"},{"reference_url":"https://github.com/aquasecurity/trivy/issues/2992","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aquasecurity/trivy/issues/2992"},{"referenc
e_url":"https://github.com/prometheus/prometheus/commit/62e591f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/prometheus/prometheus/commit/62e591f9"},{"reference_url":"https://github.com/prometheus/prometheus/pull/5163","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/prometheus/prometheus/pull/5163"},{"reference_url":"https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/prometheus/prometheus/pull/5163/commits/ea254eea5e3c9a12d6f37a25921b7259ff1c4280"},{"reference_url":"https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/merge_requests/26608"},{"reference_url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","sco
ring_elements":""}],"url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30e
a6573%40%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3826","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672865","reference_id":"1672865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615","reference_id":"921615","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:
*:*:*"}],"fixed_packages":[],"aliases":["CVE-2019-3826","GHSA-3m87-5598-2v4f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1s7q-drqn-4bhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4917?format=json","vulnerability_id":"VCID-2hfm-g99a-67de","summary":"A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000865","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69954","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00615
","scoring_system":"epss","scoring_elements":"0.69885","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69935","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69899","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000865"},{"reference_url":"https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3"},{"reference_url":"https:/
/github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b"},{"reference_url":"https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647059","reference_id":"1647059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000865","reference_id":"CVE-2018-1000865","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000865"},{"reference_url":"https://github.com/advisories/GHSA-p4p5-3v2j-w5rv","reference_id":"GHSA-p4p5-3v2j-w5rv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4p5-3v2j-w5rv"}],"fixed_packages":[],"aliases":["CVE-2018-1000865","GHSA-p4p5-3v2j-w5rv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hfm-g99a-67de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14643?format=json","vulnerability_id":"VCID-2qhb-fu9x-k7b
d","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.","references":[{"reference_url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003001.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hy
dra/rest/securitydata/cve/CVE-2019-1003001.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003001","reference_id":"","reference_type":"","scores":[{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.99883","published_at":"2026-05-05T12:55:00Z"},{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.99878","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.99879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.9988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.99881","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93935","scoring_system":"epss","scoring_elements":"0.99882","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003001"},{"reference_url":"https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/6d7884dec610bf34503d24d494d994e9fc607642"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c"},{"reference_url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742","reference_id":"","reference_type":"",
"scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/66c3e7aafe7888d4e1fe9995a688bb3fb742d742"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"},{"reference_url":"https://www.exploit-db.com/exploits/46572","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46572"},{"reference_url":"https://www.exploit-db.com/exploits/46572/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46572/"},{"reference_url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669505","reference_id":"1669505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669505"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:pipel
ine\\:_groovy:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003001","reference_id":"CVE-2019-1003001","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003001"},{"reference_url":"https://github.com/advisories/GHSA-6q78-6xvr-26fg","reference_id":"GHSA-6q78-6xvr-26fg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q78-6xvr-26fg"}],"fixed_packages":[],"aliases":["CVE-2019-1003001","GHSA-6q78-6xvr-26fg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qhb-fu9x-k7bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82941?format=json","vulnerability_id":"VCID-31wf-mpnt-dycm","summary":"haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory 
disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20102","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09012","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09128","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09126","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09124","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0911","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08985","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09141","publi
shed_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09183","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20102"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658874","reference_id":"1658874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308","reference_id":"916308","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308"},{"reference_url":"https://security.archlinux.org/ASA-201901-15","reference_id":"ASA-201901-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-15"},{"reference_url":"https://security.archlinux.org/AVG-836","reference_id":"AVG-836","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0547","reference_id":"RHSA-2019:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1436","reference_id":"RHSA-2019:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1436"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_
type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[],"aliases":["CVE-2018-20102"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31wf-mpnt-dycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82942?format=json","vulnerability_id":"VCID-48er-rqvk-nyhg","summary":"haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20103","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2717","published_at":"2026-05-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27416","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-04-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0
.27719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27626","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27522","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658876","reference_id":"1658876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307","reference_id":"916307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307"},{"reference_url":"https://security.archlinux.org/ASA-201901-15","reference_id":"ASA-201901-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-15"},{"reference_url":"https://security.archlinux.org/AVG-836","reference_id":"AVG-836","reference_type":"","scores":[{"value":"Medium","scoring_sy
stem":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1436","reference_id":"RHSA-2019:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1436"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[],"aliases":["CVE-2018-20103"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48er-rqvk-nyhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14681?format=json","vulnerability_id":"VCID-537v-ugyf-17e2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration 
file.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003014","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19526","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19829","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19882","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1979","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19762","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00064","s
coring_system":"epss","scoring_elements":"0.19765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19777","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19672","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19666","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19632","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19818","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19964","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20022","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19749","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003014"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/64fba993c897ff52a9c6c38c6c41806f2e8cc73f"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253","reference_id":"","r
eference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671324","reference_id":"1671324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671324"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003014","reference_id":"CVE-2019-1003014","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003014"},{"reference_url":"https://github.com/advisories/GHSA-pmc5-74w3-78mw","refer
ence_id":"GHSA-pmc5-74w3-78mw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pmc5-74w3-78mw"}],"fixed_packages":[],"aliases":["CVE-2019-1003014","GHSA-pmc5-74w3-78mw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-537v-ugyf-17e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4908?format=json","vulnerability_id":"VCID-6ncw-2m21-t3bg","summary":"A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master 
JVM","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000866.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000866","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69954","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69885","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00615","scoring_sy
stem":"epss","scoring_elements":"0.69935","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69827","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000866"},{"reference_url":"https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jenkinsci/groovy-sandbox/commit/0cd7ec12b7c56cfa3167d99c5f43147ce05449d3"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b"},{"reference_url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC
:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d"},{"reference_url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38"},{"reference_url":"https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647059","reference_id":"1647059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1647059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000866","reference_id":"CVE-2018-1000866","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000866"},{"reference_url":"https://github.com/advisories/GHSA-gqhm-4h93-rrhg","reference_id":"GHSA-gqhm-4h93-rrhg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqhm-4h93-rrhg"}],"fixed_packages":[],"aliases":["CVE-2018-1000866","GHSA-gqhm-4h93-rrhg"],"risk_score":4.0,"exploitability":"0.5",
"weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ncw-2m21-t3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10284?format=json","vulnerability_id":"VCID-8575-gsc8-xkd6","summary":"Cross-Site Request Forgery (CSRF)\nA cross-site request forgery vulnerability exists in Jenkins Git Plugin in `src/main/java/hudson/plugins/git/GitTagAction.java` allowing attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003010.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003010","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70921","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.7
086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70941","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70939","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70786","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70794","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70853","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003010"},{"reference_url":"https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-plugin/commit/f9152d943936b1c6b493dfe750d27f0caa7c0767"},{"refere
nce_url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670292","reference_id":"1670292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670292"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003010","reference_id":"CVE-2019-1003010","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003010"},{"reference_url":"https://github
.com/advisories/GHSA-r8rw-xx57-m64q","reference_id":"GHSA-r8rw-xx57-m64q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r8rw-xx57-m64q"}],"fixed_packages":[],"aliases":["CVE-2019-1003010","GHSA-r8rw-xx57-m64q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8575-gsc8-xkd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82892?format=json","vulnerability_id":"VCID-8e1s-dgj6-vyfq","summary":"haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20615","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37127","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37334","published_at":"2026-04-26T12:5
5:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37245","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37705","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3773","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37609","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37672","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37654","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3759","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/ms
g32304.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html"},{"reference_url":"http://www.securityfocus.com/bid/106645","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106645"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663060","reference_id":"1663060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663060"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.
9.0:dev1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*"},{"reference
_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/
results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_u
rl":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20615","reference_id":"CVE-2018-20615","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20615"},{"reference_url":"https:
//access.redhat.com/errata/RHSA-2019:0275","reference_id":"RHSA-2019:0275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0547","reference_id":"RHSA-2019:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0548","reference_id":"RHSA-2019:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0548"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[],"aliases":["CVE-2018-20615"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1s-dgj6-vyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10245?format=json","vulnerability_id":"VCID-a6ur-dzqs-hfge","summary":"Code Injection\nA sandbox bypass vulnerability exists in Script Security Plugin that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master 
JVM.","references":[{"reference_url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003000","reference_id":"","reference_type":"","scores":[{"value":"0.94343","scoring_system":"epss","scoring_elements":"0.99956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.94343","scoring_system":"epss","scoring_elements":"0.99955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94343","scoring_system":"epss","scoring_elements":"0.99957","published_at":"2026-05-05T12:55:00Z"},
{"value":"0.94441","scoring_system":"epss","scoring_elements":"0.9999","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003000"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"},{"reference_url":"https://www.exploit-db.com/exploits/46453","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46453"},{"reference_url":"https://www.exploit-db.com/exploits/46453/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46453/"},{"reference_url":"https://www.exploit-db.com/exploits/46572","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46572"},{"reference_url":"https://www.exploit-db.com/exploits/46572/","reference_id":"","reference_type":"","scores":[],"url":"htt
ps://www.exploit-db.com/exploits/46572/"},{"reference_url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667566","reference_id":"1667566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667566"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003000","reference_id":"CVE-2019-1003000","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003000"},{"reference_url":"https://blog.orang
e.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html","reference_id":"CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000","reference_type":"exploit","scores":[],"url":"https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb","reference_id":"CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/46572.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt","reference_id":"CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/46427.txt"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb","reference_id":"CVE-2019-1003002;CVE-2019-1003001;CVE-2019-1003000","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/24143f812c7bede6d0ab66a6830761f621140ebd/modules/exploits/multi/http/jenkins_metaprogramming.rb"},{"reference_url":"https://github.com/advisories/GHSA-784j-h234-m56x","reference_id":"GHSA-784j-h234-m56x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-784j-h234-m56x"}],"fixed_packages":[],"aliases":["CVE-2019-1003000","GHSA-784j-h234-m56x"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6ur-dzqs-hfge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10285?format=json","vulnerability_id":"VCID-bmfa-vgay-2fbt","summary":"Cross-Site Request Forgery 
(CSRF)\nA data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003012","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35649","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36203","published_at":"2026-04-11T12:55:00Z"},{"value":"0.
00154","scoring_system":"epss","scoring_elements":"0.36166","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35853","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36066","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36197","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003012"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocea
n-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670298","reference_id":"1670298","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670298"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003012","reference_id":"CVE-2019-1003012","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"ur
l":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003012"},{"reference_url":"https://github.com/advisories/GHSA-qxh5-5r5p-5gvf","reference_id":"GHSA-qxh5-5r5p-5gvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxh5-5r5p-5gvf"}],"fixed_packages":[],"aliases":["CVE-2019-1003012","GHSA-qxh5-5r5p-5gvf"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmfa-vgay-2fbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10246?format=json","vulnerability_id":"VCID-cf29-8rvn-kfbd","summary":"Insufficient Session Expiration\nAn improper authorization vulnerability exists in Jenkins in `core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java` that allows attackers with `Overall/RunScripts` permission to craft Remember Me cookies that would never expire, allowing to persist access to temporarily compromised user 
accounts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003003","reference_id":"","reference_type":"","scores":[{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83514","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83484","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83483","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83446","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.8354","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scori
ng_elements":"0.83457","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83381","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.8345","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83409","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01946","scoring_system":"epss","scoring_elements":"0.83408","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003003"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868"},{"reference_url":"https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680","reference_id":"","reference_type":"","scores":[{"value":"7.2","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680"},{"reference_url":"http://www.securityfocus.com/bid/106680","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106680"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668345","reference_id":"1668345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668345"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003003","reference_id":"CVE-2019-1003003","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/A
u:S/C:P/I:P/A:P"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003003"},{"reference_url":"https://github.com/advisories/GHSA-6rh5-23hx-j452","reference_id":"GHSA-6rh5-23hx-j452","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rh5-23hx-j452"}],"fixed_packages":[],"aliases":["CVE-2019-1003003","GHSA-6rh5-23hx-j452"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf29-8rvn-kfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10287?format=json","vulnerability_id":"VCID-gmw4-qd6z-aqht","summary":"Cross-site Scripting\nA cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly` that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that 
user.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003013","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18662","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19077","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18978","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18932","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18946","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00061","s
coring_system":"epss","scoring_elements":"0.18847","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19035","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18938","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19017","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19071","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003013"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670299","reference_id":"1670299","reference_type":
"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670299"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003013","reference_id":"CVE-2019-1003013","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003013"},{"reference_url":"https://github.com/advisories/GHSA-7fjr-5hph-c2mh","reference_id":"GHSA-7fjr-5hph-c2mh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fjr-5hph-c2mh"}],"fixed_packages":[],"aliases":["CVE-2019-1003013","GHSA-7fjr-5hph-c2mh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmw4-qd6z-aqht"},{"url":"ht
tp://public2.vulnerablecode.io/api/vulnerabilities/10282?format=json","vulnerability_id":"VCID-qdk1-p4qg-p3ar","summary":"Improper Input Validation\nAn information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin which allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003011","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6819","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68161","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements
":"0.68128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68165","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68177","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68159","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68202","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68211","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68106","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68084","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68135","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6815","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003011"},{"reference_url":"https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102","reference_id
":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670296","reference_id":"1670296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003011","reference_id":"CVE-2019-1003011","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003011"},{"reference_url":"https://github.com/advisories/GHSA-23h9-m55m-c5jp","reference_id":"GHSA-23h
9-m55m-c5jp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23h9-m55m-c5jp"}],"fixed_packages":[],"aliases":["CVE-2019-1003011","GHSA-23h9-m55m-c5jp"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdk1-p4qg-p3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10235?format=json","vulnerability_id":"VCID-uyuv-7nbj-zfcp","summary":"Insufficient Session Expiration\nAn improper authorization vulnerability exists in Jenkins in `core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java` that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003004","reference_id":"","reference_type":"","scores":[{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82618","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82529","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82525","published_at":"202
6-04-12T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.8252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82561","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82592","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.82503","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01743","scoring_system":"epss","scoring_elements":"0.8251","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003004"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901"},{"reference_url":"http://www.securityfocus.com/bid/106680","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/
S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106680"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668736","reference_id":"1668736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003004","reference_id":"CVE-2019-1003004","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003004"},{"reference_ur
l":"https://github.com/advisories/GHSA-8qxp-g8jv-p37x","reference_id":"GHSA-8qxp-g8jv-p37x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qxp-g8jv-p37x"}],"fixed_packages":[],"aliases":["CVE-2019-1003004","GHSA-8qxp-g8jv-p37x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuv-7nbj-zfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15100?format=json","vulnerability_id":"VCID-ygq7-sv7h-7fax","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master 
JVM.","references":[{"reference_url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0326","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003002","reference_id":"","reference_type":"","scores":[{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99825","published_at":"2026-05-05T12:55:00Z"},{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99819","published_at":"2026-04-09T12:55:00Z"},
{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.9982","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99821","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.93454","scoring_system":"epss","scoring_elements":"0.99824","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1003002"},{"reference_url":"https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92"},{"reference_url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"},{"reference_url":"https://www.exploit-db.com/exploits/46572","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46572"},{"reference_url":"https://www.exploit-db.com/exploits/46572/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46572/"},{"reference_url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming","reference_id":"","
reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669508","reference_id":"1669508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669508"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\\:_declarative:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:pipeline\\:_declarative:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:pipeline\\:_declarative:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003002","reference_id":"CVE-2019-1003002","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003002"},{"reference_url":"https://github.com/advisories/GHSA-x6jx-cxg3-mggh","reference_id":"GHSA-x6jx-cxg3-mggh","reference_type":"","scores":[{"value":"HIGH","scoring_system"
:"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6jx-cxg3-mggh"}],"fixed_packages":[],"aliases":["CVE-2019-1003002","GHSA-x6jx-cxg3-mggh"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygq7-sv7h-7fax"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.82-1.git.1063.48444e8%3Farch=el7"}