Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/143211?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/143211?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.1.1574872364-1?arch=el7", "type": "rpm", "namespace": "redhat", "name": "jenkins-2-plugins", "version": "4.1.1574872364-1", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51869?format=api", "vulnerability_id": "VCID-4thu-22qs-cqgu", "summary": "Code Injection\nA sandbox bypass vulnerability in Jenkins Script Security Plugin related to the handling of default parameter expressions in constructors allows attackers to execute arbitrary code in sandboxed scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10431.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10431.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10431", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.5714", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57089", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57141", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57149", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57137", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57122", "published_at": 
"2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10431" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/blob/7bd58b8635709cecdb50018844e5d6dbe1ce13ea/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/blob/7bd58b8635709cecdb50018844e5d6dbe1ce13ea/CHANGELOG.md" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/415b6e2f3fa0c2e4bd2f9c4a589a9e1fc9cbac8b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/415b6e2f3fa0c2e4bd2f9c4a589a9e1fc9cbac8b" }, { "reference_url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/01/2", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764390", "reference_id": "1764390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764390" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10431", "reference_id": "CVE-2019-10431", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10431" }, { "reference_url": "https://github.com/advisories/GHSA-72gx-qq2m-6xr2", "reference_id": "GHSA-72gx-qq2m-6xr2", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72gx-qq2m-6xr2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": "RHSA-2019:4089", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10431", "GHSA-72gx-qq2m-6xr2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4thu-22qs-cqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51804?format=api", "vulnerability_id": "VCID-c4av-da6w-7udw", "summary": "Improper Input Validation\nA sandbox bypass vulnerability in Jenkins Script Security Plugin related to the handling of property names in property expressions in increment and decrement expressions allows attackers to execute arbitrary code in sandboxed scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10399.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36932", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36918", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", 
"scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36984", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10399" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689" }, { "reference_url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/12/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819713", "reference_id": "1819713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819713" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10399", "reference_id": "CVE-2019-10399", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10399" }, { "reference_url": "https://github.com/advisories/GHSA-m26f-w3h5-62fj", "reference_id": "GHSA-m26f-w3h5-62fj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m26f-w3h5-62fj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": "RHSA-2019:4089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10399", "GHSA-m26f-w3h5-62fj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4av-da6w-7udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51866?format=api", "vulnerability_id": "VCID-nbxv-egu1-ykba", 
"summary": "Cross-site Scripting\nJenkins HTML Publisher Plugin does not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36903", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3689", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36928", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36962", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36864", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10432" }, { "reference_url": "https://github.com/jenkinsci/htmlpublisher-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/htmlpublisher-plugin" }, { "reference_url": 
"https://github.com/jenkinsci/htmlpublisher-plugin/commit/637aad0308f8cdfb24610041fcfe815d5a1a096b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/htmlpublisher-plugin/commit/637aad0308f8cdfb24610041fcfe815d5a1a096b" }, { "reference_url": "https://github.com/jenkinsci/htmlpublisher-plugin/releases/tag/htmlpublisher-1.21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/htmlpublisher-plugin/releases/tag/htmlpublisher-1.21" }, { "reference_url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764387", "reference_id": "1764387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764387" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-10432", "reference_id": "CVE-2019-10432", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10432" }, { "reference_url": "https://github.com/advisories/GHSA-q829-hrmc-84c8", "reference_id": "GHSA-q829-hrmc-84c8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q829-hrmc-84c8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": "RHSA-2019:4089", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10432", "GHSA-q829-hrmc-84c8" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbxv-egu1-ykba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51802?format=api", "vulnerability_id": "VCID-rtua-pabw-xfg7", "summary": "Improper Input Validation\nA sandbox bypass vulnerability in Jenkins Script Security Plugin related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allows attackers to execute arbitrary code in sandboxed scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10400.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36932", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36918", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36984", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10400" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689" }, { "reference_url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/12/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819708", "reference_id": "1819708", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10400", "reference_id": "CVE-2019-10400", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10400" }, { "reference_url": "https://github.com/advisories/GHSA-76q7-r3g4-wvm4", "reference_id": "GHSA-76q7-r3g4-wvm4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76q7-r3g4-wvm4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": "RHSA-2019:4089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10400", "GHSA-76q7-r3g4-wvm4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtua-pabw-xfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51805?format=api", "vulnerability_id": "VCID-sbcm-2fbb-r3fn", "summary": "Improper Input Validation\nA sandbox bypass vulnerability in Jenkins Script Security Plugin related to the handling of property names in property expressions on the left-hand side of assignment expressions allows attackers to execute arbitrary code in sandboxed scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36932", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36918", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36984", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10394" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689" }, { "reference_url": 
"https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/12/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819692", "reference_id": "1819692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819692" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10394", "reference_id": "CVE-2019-10394", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10394" }, { "reference_url": "https://github.com/advisories/GHSA-hvmx-5hv4-f235", "reference_id": "GHSA-hvmx-5hv4-f235", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvmx-5hv4-f235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": 
"RHSA-2019:4089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10394", "GHSA-hvmx-5hv4-f235" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbcm-2fbb-r3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51803?format=api", "vulnerability_id": "VCID-y74h-v1ss-m3e4", "summary": "Improper Input Validation\nA sandbox bypass vulnerability in Jenkins Script Security Plugin related to the handling of method names in method call expressions allows attackers to execute arbitrary code in sandboxed scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36932", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36918", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36893", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36984", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10393" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin" }, { "reference_url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689" }, { "reference_url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/12/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/2" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1819697", "reference_id": "1819697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819697" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10393", "reference_id": "CVE-2019-10393", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10393" }, { "reference_url": "https://github.com/advisories/GHSA-9fp8-64xf-w957", "reference_id": "GHSA-9fp8-64xf-w957", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fp8-64xf-w957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4055", "reference_id": "RHSA-2019:4055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4089", "reference_id": "RHSA-2019:4089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4097", "reference_id": "RHSA-2019:4097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4097" } ], "fixed_packages": [], "aliases": [ "CVE-2019-10393", "GHSA-9fp8-64xf-w957" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y74h-v1ss-m3e4" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.1.1574872364-1%3Farch=el7" }