{"url":"http://public2.vulnerablecode.io/api/packages/118985?format=json","purl":"pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1?arch=el6op","type":"rpm","namespace":"redhat","name":"openshift-origin-cartridge-ruby","version":"1.32.1.1-1","qualifiers":{"arch":"el6op"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54658?format=json","vulnerability_id":"VCID-88ku-rdqg-nfdm","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70583","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70621","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70611","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7056","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70531","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70467","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70575","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70536","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv","reference_id":"GHSA-mm9c-4cv4-7rfv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1806","GHSA-mm9c-4cv4-7rfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88ku-rdqg-nfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55916?format=json","vulnerability_id":"VCID-9bjm-e9zm-dqck","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4699","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47022","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4704","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47094","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47031","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9","reference_id":"GHSA-3269-jqp5-v8c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1814","GHSA-3269-jqp5-v8c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bjm-e9zm-dqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56682?format=json","vulnerability_id":"VCID-d967-j6gn-j7cq","summary":"Jenkins Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44052","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-w5v7-q2j4-fvpf","reference_id":"GHSA-w5v7-q2j4-fvpf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w5v7-q2j4-fvpf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1812","GHSA-w5v7-q2j4-fvpf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-j6gn-j7cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55539?format=json","vulnerability_id":"VCID-dmb6-hwan-nqfn","summary":"XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1811","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31337","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31771","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3175","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31719","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31548","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31734","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31866","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31814","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1811"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205632"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2015-02-27"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2015-02-27/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1811","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1811"},{"reference_url":"https://github.com/advisories/GHSA-qg7x-4h4q-3m49","reference_id":"GHSA-qg7x-4h4q-3m49","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qg7x-4h4q-3m49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1811","GHSA-qg7x-4h4q-3m49"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmb6-hwan-nqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85783?format=json","vulnerability_id":"VCID-q7xy-2e9v-uka8","summary":"jenkins: directory traversal from artifacts via symlink (SECURITY-162)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32209","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32255","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32284","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32285","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3223","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.322","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31831","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622","reference_id":"1205622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1807"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7xy-2e9v-uka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58065?format=json","vulnerability_id":"VCID-tryk-6hhf-8ufh","summary":"XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1809","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32307","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32738","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32702","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32713","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3269","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32391","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32674","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32842","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32711","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32737","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205625","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205625"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2015-02-27"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2015-02-27/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1809","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1809"},{"reference_url":"https://github.com/advisories/GHSA-qj27-w92h-fc9r","reference_id":"GHSA-qj27-w92h-fc9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj27-w92h-fc9r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1809","GHSA-qj27-w92h-fc9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tryk-6hhf-8ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54924?format=json","vulnerability_id":"VCID-wu44-bxb4-2uf1","summary":"Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44052","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q","reference_id":"GHSA-9h85-v6xf-h26q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1813","GHSA-9h85-v6xf-h26q"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wu44-bxb4-2uf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15995?format=json","vulnerability_id":"VCID-z2s1-ncs9-vfet","summary":"Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation\nThe HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6282","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62796","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62804","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62784","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62821","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62649","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62738","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62703","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810","reference_id":"CVE-2015-1810","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810"},{"reference_url":"https://github.com/advisories/GHSA-37wm-28rm-56vw","reference_id":"GHSA-37wm-28rm-56vw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37wm-28rm-56vw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1810","GHSA-37wm-28rm-56vw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2s1-ncs9-vfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55179?format=json","vulnerability_id":"VCID-zz2q-h9gc-p7h4","summary":"Jenkins Vulnerable to Denial of Service (DoS)\nJenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38963","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38717","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38694","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3897","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc","reference_id":"GHSA-3rwx-3vwh-mwxc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1808","GHSA-3rwx-3vwh-mwxc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zz2q-h9gc-p7h4"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1%3Farch=el6op"}