Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@696.v52535c46f4c9

Type maven

Namespace org.jenkins-ci.plugins.workflow

Name workflow-multibranch

Version 696.v52535c46f4c9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 696.698.v9b4218eea50f

Latest_non_vulnerable_version 707.v71c3f0a_6ccdb

Affected_by_vulnerabilities

url VCID-h57k-wsgx-4kbr

vulnerability_id VCID-h57k-wsgx-4kbr

summary

Improper Link Resolution Before File Access ('Link Following')
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25179.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25179.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25179

reference_id

reference_type

scores

value	0.01569
scoring_system	epss
scoring_elements	0.81595
published_at	2026-04-29T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81539
published_at	2026-04-11T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81526
published_at	2026-04-12T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81556
published_at	2026-04-16T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81557
published_at	2026-04-18T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81559
published_at	2026-04-21T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81581
published_at	2026-04-24T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.8159
published_at	2026-04-26T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81466
published_at	2026-04-02T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81488
published_at	2026-04-04T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81485
published_at	2026-04-07T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81513
published_at	2026-04-08T12:55:00Z

value	0.01569
scoring_system	epss
scoring_elements	0.81519
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25179

reference_url

https://github.com/CVEProject/cvelist/blob/00bfb5abeecc9f553a2f42954ee540e493498ee9/2022/25xxx/CVE-2022-25179.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/CVEProject/cvelist/blob/00bfb5abeecc9f553a2f42954ee540e493498ee9/2022/25xxx/CVE-2022-25179.json

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055792
reference_id	2055792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055792

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25179

reference_id

CVE-2022-25179

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25179

reference_url

https://github.com/advisories/GHSA-2m9w-9xh2-wxc3

reference_id

GHSA-2m9w-9xh2-wxc3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2m9w-9xh2-wxc3

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@696.698.v9b4218eea50f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@696.698.v9b4218eea50f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@696.698.v9b4218eea50f

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@707.v71c3f0a
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@707.v71c3f0a
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@707.v71c3f0a

aliases CVE-2022-25179, GHSA-2m9w-9xh2-wxc3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h57k-wsgx-4kbr

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch@696.v52535c46f4c9

Package Instance