{"url":"http://public2.vulnerablecode.io/api/packages/116331?format=json","purl":"pkg:rpm/redhat/nodejs-event-stream@3.3.2-1?arch=el7aos","type":"rpm","namespace":"redhat","name":"nodejs-event-stream","version":"3.3.2-1","qualifiers":{"arch":"el7aos"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15470?format=json","vulnerability_id":"VCID-1zas-w8w2-4ydr","summary":"Jenkins Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3681","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48139","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48243","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48199","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48191","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48133","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4817","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48194","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48188","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48212","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48186","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3681"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147766","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147766"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96975"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3681","reference_id":"CVE-2014-3681","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3681"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3681","reference_id":"CVE-2014-3681","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3681"},{"reference_url":"https://github.com/advisories/GHSA-cwh9-f8m6-6r63","reference_id":"GHSA-cwh9-f8m6-6r63","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwh9-f8m6-6r63"}],"fixed_packages":[],"aliases":["CVE-2014-3681","GHSA-cwh9-f8m6-6r63"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zas-w8w2-4ydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55568?format=json","vulnerability_id":"VCID-2vbv-gzfv-83ae","summary":"Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs\nJenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3663"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20083","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20239","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20244","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20242","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20255","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20399","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20459","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20265","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20324","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2025","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3663"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147764","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147764"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3663"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-64mc-2m9p-23c8","reference_id":"GHSA-64mc-2m9p-23c8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64mc-2m9p-23c8"}],"fixed_packages":[],"aliases":["CVE-2014-3663","GHSA-64mc-2m9p-23c8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vbv-gzfv-83ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5105?format=json","vulnerability_id":"VCID-5yr7-w7h9-g7gh","summary":"The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in 'ysoserial'\".","references":[{"reference_url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins"},{"reference_url":"http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8103","reference_id":"","reference_type":"","scores":[{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-04-29T12:55:00Z"},{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99604","published_at":"2026-04-11T12:55:00Z"},{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99605","published_at":"2026-04-13T12:55:00Z"},{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.9037","scoring_system":"epss","scoring_elements":"0.99607","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8103"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c"},{"reference_url":"https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli"},{"reference_url":"https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636"},{"reference_url":"https://www.exploit-db.com/exploits/38983","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/38983"},{"reference_url":"https://www.exploit-db.com/exploits/38983/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/38983/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/09/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/09/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/2"},{"reference_url":"http://www.securityfocus.com/bid/77636","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77636"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282371","reference_id":"1282371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282371"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8103","reference_id":"CVE-2015-8103","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8103"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-wfw7-6632-xcv2","reference_id":"GHSA-wfw7-6632-xcv2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfw7-6632-xcv2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-8103","GHSA-wfw7-6632-xcv2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yr7-w7h9-g7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14644?format=json","vulnerability_id":"VCID-619d-pxn6-fkce","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nCross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7537","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60563","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60514","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60579","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60611","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60565","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60443","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60585","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.606","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60519","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60545","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7537"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291795","reference_id":"1291795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291795"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7537","reference_id":"CVE-2015-7537","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7537"},{"reference_url":"https://github.com/advisories/GHSA-3vhr-f5xr-8vpx","reference_id":"GHSA-3vhr-f5xr-8vpx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vhr-f5xr-8vpx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7537","GHSA-3vhr-f5xr-8vpx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-619d-pxn6-fkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54856?format=json","vulnerability_id":"VCID-6qdw-fvzm-4kdx","summary":"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nJenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3662"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28845","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28822","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28772","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28869","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28946","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28996","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28803","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28823","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3662"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147759","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3662"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-fxqr-px2m-fvc2","reference_id":"GHSA-fxqr-px2m-fvc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxqr-px2m-fvc2"}],"fixed_packages":[],"aliases":["CVE-2014-3662","GHSA-fxqr-px2m-fvc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qdw-fvzm-4kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57675?format=json","vulnerability_id":"VCID-7p5d-b885-sycx","summary":"Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code\nJenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3667"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17502","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17515","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17414","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17364","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17398","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17304","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17281","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17356","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147770","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147770"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3667"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-5xm3-48v5-6h7v","reference_id":"GHSA-5xm3-48v5-6h7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xm3-48v5-6h7v"}],"fixed_packages":[],"aliases":["CVE-2014-3667","GHSA-5xm3-48v5-6h7v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7p5d-b885-sycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54658?format=json","vulnerability_id":"VCID-88ku-rdqg-nfdm","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70583","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70621","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70611","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7056","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70531","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70467","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70575","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70536","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv","reference_id":"GHSA-mm9c-4cv4-7rfv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1806","GHSA-mm9c-4cv4-7rfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88ku-rdqg-nfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14432?format=json","vulnerability_id":"VCID-8g3u-4dyc-6fak","summary":"Jenkins has Information Disclosure via Sidepanel Widget\nThe sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5321","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43151","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4333","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43369","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43358","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43245","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43301","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5321"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282364","reference_id":"1282364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282364"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5321","reference_id":"CVE-2015-5321","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5321"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-4653-rmch-3g2g","reference_id":"GHSA-4653-rmch-3g2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4653-rmch-3g2g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5321","GHSA-4653-rmch-3g2g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g3u-4dyc-6fak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14787?format=json","vulnerability_id":"VCID-8q9g-qfve-93ba","summary":"Jenkins does not Verify Checksums for Plugin Files\nThe Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7539","reference_id":"","reference_type":"","scores":[{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77376","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77409","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77389","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.7742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.7747","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77461","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77502","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7539"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291798","reference_id":"1291798","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291798"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7539","reference_id":"CVE-2015-7539","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7539"},{"reference_url":"https://github.com/advisories/GHSA-x274-9m9r-fm5g","reference_id":"GHSA-x274-9m9r-fm5g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x274-9m9r-fm5g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7539","GHSA-x274-9m9r-fm5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8q9g-qfve-93ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55916?format=json","vulnerability_id":"VCID-9bjm-e9zm-dqck","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4699","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47022","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4704","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47094","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47031","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9","reference_id":"GHSA-3269-jqp5-v8c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1814","GHSA-3269-jqp5-v8c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bjm-e9zm-dqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57983?format=json","vulnerability_id":"VCID-c43n-xyfr-aqbe","summary":"Jenkins Path Traversal vulnerability\nDirectory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3664"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40989","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41256","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41243","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41074","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4107","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41284","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41208","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41258","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41288","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147765","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147765"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96973","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96973"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3664"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-3gp5-92h5-h855","reference_id":"GHSA-3gp5-92h5-h855","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gp5-92h5-h855"}],"fixed_packages":[],"aliases":["CVE-2014-3664","GHSA-3gp5-92h5-h855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c43n-xyfr-aqbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56682?format=json","vulnerability_id":"VCID-d967-j6gn-j7cq","summary":"Jenkins Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44052","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-w5v7-q2j4-fvpf","reference_id":"GHSA-w5v7-q2j4-fvpf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w5v7-q2j4-fvpf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1812","GHSA-w5v7-q2j4-fvpf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-j6gn-j7cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14521?format=json","vulnerability_id":"VCID-ejrj-pum8-9qa3","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5318","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18095","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18048","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18203","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17941","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18147","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1806","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18143","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5318"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282361","reference_id":"1282361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282361"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5318","reference_id":"CVE-2015-5318","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5318"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-3wmv-7php-rhg5","reference_id":"GHSA-3wmv-7php-rhg5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wmv-7php-rhg5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5318","GHSA-3wmv-7php-rhg5"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejrj-pum8-9qa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36498?format=json","vulnerability_id":"VCID-fmcb-kpgu-5fcg","summary":"Authorization bypass in Openshift\nOpenshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0351","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0351"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1906.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1906.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-1906","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-1906"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1906","reference_id":"","reference_type":"","scores":[{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.8542","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85444","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85452","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85485","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.8549","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85509","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02541","scoring_system":"epss","scoring_elements":"0.85388","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1906"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297916","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297916"},{"reference_url":"https://github.com/openshift/origin/commit/d95ec085f03ecf10e8c424a4f0340ddb38891406","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openshift/origin/commit/d95ec085f03ecf10e8c424a4f0340ddb38891406"},{"reference_url":"https://github.com/openshift/origin/issues/6556","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openshift/origin/issues/6556"},{"reference_url":"https://github.com/openshift/origin/pull/6576","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openshift/origin/pull/6576"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1906","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1906"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*"}],"fixed_packages":[],"aliases":["CVE-2016-1906","GHSA-m3fm-h5jp-q79p"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmcb-kpgu-5fcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14940?format=json","vulnerability_id":"VCID-gbeg-v39c-hfe5","summary":"Jenkins allows Administrators to Access API Tokens\nJenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5323","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42094","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42165","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4219","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42203","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4218","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42166","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42092","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42178","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42118","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42169","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5323"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282366","reference_id":"1282366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282366"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5323","reference_id":"CVE-2015-5323","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5323"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-x4m5-j4x4-4wjg","reference_id":"GHSA-x4m5-j4x4-4wjg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4m5-j4x4-4wjg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5323","GHSA-x4m5-j4x4-4wjg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbeg-v39c-hfe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14531?format=json","vulnerability_id":"VCID-hkx6-feah-ckgv","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7538","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46243","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4624","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46281","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46247","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46302","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46364","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46361","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46305","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46286","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46296","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7538"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291797","reference_id":"1291797","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291797"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7538","reference_id":"CVE-2015-7538","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7538"},{"reference_url":"https://github.com/advisories/GHSA-w7qm-fprw-cqgq","reference_id":"GHSA-w7qm-fprw-cqgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7qm-fprw-cqgq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7538","GHSA-w7qm-fprw-cqgq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkx6-feah-ckgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5033?format=json","vulnerability_id":"VCID-jc2q-ht2b-cfhx","summary":"The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1448.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1448.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2186.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2186","reference_id":"","reference_type":"","scores":[{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99444","published_at":"2026-04-12T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.9944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99447","published_at":"2026-04-21T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99439","published_at":"2026-04-01T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99438","published_at":"2026-04-02T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99443","published_at":"2026-04-11T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.87099","scoring_system":"epss","scoring_elements":"0.99441","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/88133","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/88133"},{"reference_url":"https://github.com/apache/commons-fileupload","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload"},{"reference_url":"https://github.com/apache/commons-fileupload/blob/master/RELEASE-NOTES.txt","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/blob/master/RELEASE-NOTES.txt"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/163a6061fbc077d4b6e4787d26857c2baba495d1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/163a6061fbc077d4b6e4787d26857c2baba495d1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2186","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2186"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://www.tenable.com/security/research/tra-2016-23","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/research/tra-2016-23"},{"reference_url":"http://ubuntu.com/usn/usn-2029-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-2029-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2827","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2827"},{"reference_url":"http://www.securityfocus.com/bid/63174","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/63174"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601","reference_id":"726601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=974814","reference_id":"974814","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=974814"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2186","reference_id":"CVE-2013-2186","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2013-2186"},{"reference_url":"https://github.com/advisories/GHSA-qx6h-9567-5fqw","reference_id":"GHSA-qx6h-9567-5fqw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qx6h-9567-5fqw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1428","reference_id":"RHSA-2013:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1429","reference_id":"RHSA-2013:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1430","reference_id":"RHSA-2013:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1442","reference_id":"RHSA-2013:1442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1448","reference_id":"RHSA-2013:1448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1448"},{"reference_url":"https://usn.ubuntu.com/2029-1/","reference_id":"USN-2029-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2029-1/"}],"fixed_packages":[],"aliases":["CVE-2013-2186","GHSA-qx6h-9567-5fqw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc2q-ht2b-cfhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14434?format=json","vulnerability_id":"VCID-jfpr-4eze-j3f1","summary":"Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5326","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36878","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36938","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36953","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36969","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36531","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3696","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36934","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36866","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36909","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.37069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36948","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5326"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282369","reference_id":"1282369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282369"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5326","reference_id":"CVE-2015-5326","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5326"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-5mwr-jg3r-jv66","reference_id":"GHSA-5mwr-jg3r-jv66","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mwr-jg3r-jv66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5326","GHSA-5mwr-jg3r-jv66"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfpr-4eze-j3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52961?format=json","vulnerability_id":"VCID-k31a-cbd1-wkh5","summary":"Access Restriction Bypass in kubernetes\nThe API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.\n\n### Specific Go Packages Affected\ngithub.com/kubernetes/kubernetes/pkg/apiserver","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0351","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0351"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1905.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1905.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-1905","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-1905"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1905","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46533","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46528","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46537","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46594","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46591","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46472","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4651","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297910","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297910"},{"reference_url":"https://github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22"},{"reference_url":"https://github.com/kubernetes/kubernetes/issues/19479","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kubernetes/kubernetes/issues/19479"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1905","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1905"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*"}],"fixed_packages":[],"aliases":["CVE-2016-1905","GHSA-xx8c-m748-xr4j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k31a-cbd1-wkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14974?format=json","vulnerability_id":"VCID-n5z8-5v21-g7e9","summary":"Jenkins has Local File Inclusion Vulnerability\nDirectory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5322","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38036","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38099","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38119","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38134","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37798","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38116","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37984","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38073","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38164","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38058","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38108","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5322"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282365","reference_id":"1282365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282365"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5322","reference_id":"CVE-2015-5322","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5322"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-89vc-7frq-2rfj","reference_id":"GHSA-89vc-7frq-2rfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89vc-7frq-2rfj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5322","GHSA-89vc-7frq-2rfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5z8-5v21-g7e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86389?format=json","vulnerability_id":"VCID-p7fu-cxq4-23ey","summary":"stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1869.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1869","reference_id":"","reference_type":"","scores":[{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69365","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6936","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69426","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6942","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69503","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.6951","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69515","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1869"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063099","reference_id":"1063099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063099"}],"fixed_packages":[],"aliases":["CVE-2014-1869"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7fu-cxq4-23ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85783?format=json","vulnerability_id":"VCID-q7xy-2e9v-uka8","summary":"jenkins: directory traversal from artifacts via symlink (SECURITY-162)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32209","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32255","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32284","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32285","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3223","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.322","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31831","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622","reference_id":"1205622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1807"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7xy-2e9v-uka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14990?format=json","vulnerability_id":"VCID-qpec-wa2s-23f3","summary":"Jenkins allows Bypass of Access Restrictions\nJenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5325","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32103","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31643","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31725","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31851","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3203","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32157","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3207","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5325"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282368","reference_id":"1282368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282368"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5325","reference_id":"CVE-2015-5325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5325"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-x2q2-8pwq-fr5r","reference_id":"GHSA-x2q2-8pwq-fr5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2q2-8pwq-fr5r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5325","GHSA-x2q2-8pwq-fr5r"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpec-wa2s-23f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15933?format=json","vulnerability_id":"VCID-r79s-gp2g-13b7","summary":"Jenkins Denial of Service vulnerability\nCVE-2014-3661 jenkins: denial of service (SECURITY-87)","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3661","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36528","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36511","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36456","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36595","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36628","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36543","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36485","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147758","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147758"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3661","reference_id":"CVE-2014-3661","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3661"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3661","reference_id":"CVE-2014-3661","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3661"},{"reference_url":"https://github.com/advisories/GHSA-r5m2-g5gc-q43r","reference_id":"GHSA-r5m2-g5gc-q43r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5m2-g5gc-q43r"}],"fixed_packages":[],"aliases":["CVE-2014-3661","GHSA-r5m2-g5gc-q43r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r79s-gp2g-13b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14454?format=json","vulnerability_id":"VCID-tsy7-92cs-6uc1","summary":"Jenkins discloses project names via fingerprints\nThe Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5317","reference_id":"","reference_type":"","scores":[{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.9638","published_at":"2026-04-01T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96387","published_at":"2026-04-02T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-04-21T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96414","published_at":"2026-04-13T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.27392","scoring_system":"epss","scoring_elements":"0.96403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.39696","scoring_system":"epss","scoring_elements":"0.97328","published_at":"2026-04-29T12:55:00Z"},{"value":"0.39696","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.39696","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5317"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282359","reference_id":"1282359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282359"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5317","reference_id":"CVE-2015-5317","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5317"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-8pqx-3rxx-f5pm","reference_id":"GHSA-8pqx-3rxx-f5pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pqx-3rxx-f5pm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5317","GHSA-8pqx-3rxx-f5pm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tsy7-92cs-6uc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54602?format=json","vulnerability_id":"VCID-u4qt-vmg8-tkez","summary":"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nJenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3680.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3680.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3680","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3680"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3680","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22452","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22464","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22596","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22771","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22815","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22731","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22713","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22655","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3680"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148645","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148645"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3680","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3680"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-8x8p-mfwv-9fjw","reference_id":"GHSA-8x8p-mfwv-9fjw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8x8p-mfwv-9fjw"}],"fixed_packages":[],"aliases":["CVE-2014-3680","GHSA-8x8p-mfwv-9fjw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4qt-vmg8-tkez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14426?format=json","vulnerability_id":"VCID-vcqm-2bae-w3e7","summary":"Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI\nXML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5319","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54754","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54742","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54739","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54738","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54631","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54702","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54747","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5319"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282362","reference_id":"1282362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282362"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5319","reference_id":"CVE-2015-5319","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5319"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-3j9c-cp7m-8w8g","reference_id":"GHSA-3j9c-cp7m-8w8g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3j9c-cp7m-8w8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5319","GHSA-3j9c-cp7m-8w8g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqm-2bae-w3e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55112?format=json","vulnerability_id":"VCID-vznw-vuay-7bcg","summary":"Jenkins allows for Code Execution via Crafted Packet to the CLI\nJenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3666","reference_id":"","reference_type":"","scores":[{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.7906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79027","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79028","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.78956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.78962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.78989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.78974","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.78998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79081","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3666"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3666","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3666"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147769","reference_id":"1147769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147769"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-fvfh-8mj3-23xj","reference_id":"GHSA-fvfh-8mj3-23xj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvfh-8mj3-23xj"}],"fixed_packages":[],"aliases":["CVE-2014-3666","GHSA-fvfh-8mj3-23xj"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vznw-vuay-7bcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14461?format=json","vulnerability_id":"VCID-w9zw-vvsw-3qbb","summary":"Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor\nJenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5320","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43151","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43369","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43358","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43245","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4333","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43334","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5320"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282363","reference_id":"1282363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282363"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5320","reference_id":"CVE-2015-5320","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5320"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-449q-v4j2-5h8p","reference_id":"GHSA-449q-v4j2-5h8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-449q-v4j2-5h8p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5320","GHSA-449q-v4j2-5h8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zw-vvsw-3qbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54924?format=json","vulnerability_id":"VCID-wu44-bxb4-2uf1","summary":"Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44052","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q","reference_id":"GHSA-9h85-v6xf-h26q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1813","GHSA-9h85-v6xf-h26q"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wu44-bxb4-2uf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15995?format=json","vulnerability_id":"VCID-z2s1-ncs9-vfet","summary":"Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation\nThe HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6282","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62796","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62804","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62784","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62821","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62649","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62738","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62703","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810","reference_id":"CVE-2015-1810","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810"},{"reference_url":"https://github.com/advisories/GHSA-37wm-28rm-56vw","reference_id":"GHSA-37wm-28rm-56vw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37wm-28rm-56vw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1810","GHSA-37wm-28rm-56vw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2s1-ncs9-vfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14486?format=json","vulnerability_id":"VCID-zfsk-m177-9qch","summary":"Jenkins allows Unauthorized Viewing of Queue API Information\nJenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5324","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51837","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5183","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51788","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51803","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51824","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51723","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51736","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51686","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51818","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5324"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282367","reference_id":"1282367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282367"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5324","reference_id":"CVE-2015-5324","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5324"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-5xmf-9vgr-53mj","reference_id":"GHSA-5xmf-9vgr-53mj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xmf-9vgr-53mj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5324","GHSA-5xmf-9vgr-53mj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfsk-m177-9qch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55179?format=json","vulnerability_id":"VCID-zz2q-h9gc-p7h4","summary":"Jenkins Vulnerable to Denial of Service (DoS)\nJenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38963","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38717","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38694","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3897","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc","reference_id":"GHSA-3rwx-3vwh-mwxc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1808","GHSA-3rwx-3vwh-mwxc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zz2q-h9gc-p7h4"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs-event-stream@3.3.2-1%3Farch=el7aos"}