Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/146380?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/146380?format=api", "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.51-1.git.0.0aa9fc2?arch=el7", "type": "rpm", "namespace": "redhat", "name": "atomic-openshift-cluster-autoscaler", "version": "3.11.51-1.git.0.0aa9fc2", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40598?format=api", "vulnerability_id": "VCID-27b3-pvj5-n7g6", "summary": "Path Traversal\nA path traversal vulnerability exists in Jenkins, in `core/src/main/java/hudson/model/FileParameterValue.java` that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000406.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000406.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09263", "scoring_system": "epss", "scoring_elements": "0.92885", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.09263", "scoring_system": "epss", "scoring_elements": "0.92884", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09263", "scoring_system": "epss", "scoring_elements": "0.92892", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09263", "scoring_system": "epss", "scoring_elements": "0.92896", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09263", "scoring_system": "epss", 
"scoring_elements": "0.92887", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000406" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/c3351d2e7c3edfee82b9470e9aa1168982296072", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/c3351d2e7c3edfee82b9470e9aa1168982296072" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1074", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1074" }, { "reference_url": "http://www.securityfocus.com/bid/106532", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642877", "reference_id": "1642877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642877" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000406", "reference_id": "CVE-2018-1000406", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000406" }, { "reference_url": "https://github.com/advisories/GHSA-3pr8-rf62-g893", "reference_id": "GHSA-3pr8-rf62-g893", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pr8-rf62-g893" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000406", "GHSA-3pr8-rf62-g893" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27b3-pvj5-n7g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40603?format=api", "vulnerability_id": "VCID-c3h2-s7s6-8kgq", "summary": "Information Exposure\nAn information exposure vulnerability exists in Jenkins, LTS, and the Stapler framework used by these releases, in `core/src/main/java/org/kohsuke/stapler/RequestImpl.java`, `core/src/main/java/hudson/model/Descriptor.java` that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000410.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000410.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000410", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31505", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31401", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31437", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31433", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3147", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000410" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/7366cc50106442a021c5178cd101057ecc08f2c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/7366cc50106442a021c5178cd101057ecc08f2c2" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-765", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-765" }, { "reference_url": "http://www.securityfocus.com/bid/106532", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642892", "reference_id": "1642892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642892" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000410", "reference_id": "CVE-2018-1000410", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000410" }, { "reference_url": "https://github.com/advisories/GHSA-53jp-gmwc-jwf6", "reference_id": "GHSA-53jp-gmwc-jwf6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-53jp-gmwc-jwf6" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000410", "GHSA-53jp-gmwc-jwf6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3h2-s7s6-8kgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40640?format=api", "vulnerability_id": "VCID-gap7-h1hp-gqer", "summary": "Path Traversal\nA path traversal vulnerability exists in the Stapler web framework used by Jenkins that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their `toString()` representation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000997.json", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000997.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83692", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83717", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83716", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83705", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83713", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000997" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/fd5f5be0304c6bf1918892b81e2efb6b6d09c521", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/fd5f5be0304c6bf1918892b81e2efb6b6d09c521" }, { "reference_url": 
"https://github.com/jenkinsci/stapler/commit/0dfc28aa2102a59638484fc11c4c53b1dbb2baf0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/stapler/commit/0dfc28aa2102a59638484fc11c4c53b1dbb2baf0" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642876", "reference_id": "1642876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642876" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000997", "reference_id": "CVE-2018-1000997", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000997" }, { "reference_url": "https://github.com/advisories/GHSA-5hfp-964w-5vgm", "reference_id": "GHSA-5hfp-964w-5vgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hfp-964w-5vgm" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000997", "GHSA-5hfp-964w-5vgm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-gap7-h1hp-gqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40193?format=api", "vulnerability_id": "VCID-kk6r-wvqb-hkgb", "summary": "Missing Release of Resource after Effective Lifetime\nA denial of service vulnerability exists in Jenkins in `BasicAuthenticationFilter.java`, `BasicHeaderApiTokenAuthenticator.java` that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1999043.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1999043.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1999043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50868", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50863", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50817", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1999043" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620342", "reference_id": "1620342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620342" }, { "reference_url": "https://security.archlinux.org/AVG-778", "reference_id": "AVG-778", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-778" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999043", "reference_id": "CVE-2018-1999043", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999043" }, { "reference_url": "https://github.com/advisories/GHSA-2632-h32j-6rg9", "reference_id": "GHSA-2632-h32j-6rg9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2632-h32j-6rg9" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1999043", "GHSA-2632-h32j-6rg9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kk6r-wvqb-hkgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40604?format=api", "vulnerability_id": "VCID-nvvt-5fse-a3a9", "summary": 
"Cross-site Scripting\nA cross-site scripting vulnerability exists in Jenkins, in `core/src/main/java/hudson/model/Api.java` that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54565", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54527", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54584", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54594", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54586", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000407" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/df87e12ddcfeafdba6e0de0e07b3e21f8473ece6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/df87e12ddcfeafdba6e0de0e07b3e21f8473ece6" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129" }, { "reference_url": "http://www.securityfocus.com/bid/106532", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642879", "reference_id": "1642879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642879" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000407", "reference_id": "CVE-2018-1000407", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000407" }, { "reference_url": "https://github.com/advisories/GHSA-hv45-5j9h-7fhg", "reference_id": "GHSA-hv45-5j9h-7fhg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hv45-5j9h-7fhg" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000407", "GHSA-hv45-5j9h-7fhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvvt-5fse-a3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40597?format=api", "vulnerability_id": "VCID-t814-hrg6-27aj", "summary": "Session Fixation\nA session 
fixation vulnerability exists in Jenkins that prevents it from invalidating the existing session and creating a new one when a user signed up for a new user account.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000409.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000409.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22258", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22287", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22359", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22372", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22311", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000409" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/517da6ed389f0a606dd9bb8595bc79fc93f4331c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/517da6ed389f0a606dd9bb8595bc79fc93f4331c" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158" }, { "reference_url": "http://www.securityfocus.com/bid/106532", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642885", "reference_id": "1642885", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000409", "reference_id": "CVE-2018-1000409", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000409" }, { "reference_url": "https://github.com/advisories/GHSA-rr6r-p7rw-369c", "reference_id": "GHSA-rr6r-p7rw-369c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr6r-p7rw-369c" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000409", "GHSA-rr6r-p7rw-369c" ], "risk_score": 3.1, "exploitability": 
"0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t814-hrg6-27aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109356?format=api", "vulnerability_id": "VCID-tc8g-mxvg-byb6", "summary": "kibana: Arbitrary file inclusion vulnerability in the Console plugin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17246.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17246.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93773", "scoring_system": "epss", "scoring_elements": "0.99863", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.93773", "scoring_system": "epss", "scoring_elements": "0.99864", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17246" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647344", "reference_id": "1647344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647344" } ], "fixed_packages": [], "aliases": [ "CVE-2018-17246" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc8g-mxvg-byb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40592?format=api", 
"vulnerability_id": "VCID-uw4s-5jvh-33h9", "summary": "Uncontrolled Resource Consumption\nA denial of service vulnerability exists in Jenkins that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35592", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35562", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35672", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35659", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35632", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000408" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": 
"https://github.com/jenkinsci/jenkins/commit/01157a699f611ca7492e872103ac01526a982cf2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/01157a699f611ca7492e872103ac01526a982cf2" }, { "reference_url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128" }, { "reference_url": "http://www.securityfocus.com/bid/106532", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642884", "reference_id": "1642884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642884" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000408", "reference_id": "CVE-2018-1000408", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000408" }, { "reference_url": "https://github.com/advisories/GHSA-4h47-h3cr-23wh", "reference_id": "GHSA-4h47-h3cr-23wh", "reference_type": "", "scores": [ { 
"value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h47-h3cr-23wh" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000408", "GHSA-4h47-h3cr-23wh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw4s-5jvh-33h9" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.51-1.git.0.0aa9fc2%3Farch=el7" }