{"url":"http://public2.vulnerablecode.io/api/packages/169441?format=json","purl":"pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1?arch=el6op","type":"rpm","namespace":"redhat","name":"openshift-origin-cartridge-php","version":"1.34.1.1-1","qualifiers":{"arch":"el6op"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111288?format=json","vulnerability_id":"VCID-1dxn-ck3w-97a2","summary":"Jenkins Vulnerable to Denial of Service (DoS)\nJenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38771","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38746","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38681","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1808"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205623"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1808"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc","reference_id":"GHSA-3rwx-3vwh-mwxc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3rwx-3vwh-mwxc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1808","GHSA-3rwx-3vwh-mwxc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dxn-ck3w-97a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110965?format=json","vulnerability_id":"VCID-aapq-z1px-pqaz","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70924","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70973","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70956","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70966","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205620"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1806"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv","reference_id":"GHSA-mm9c-4cv4-7rfv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mm9c-4cv4-7rfv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1806","GHSA-mm9c-4cv4-7rfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aapq-z1px-pqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112286?format=json","vulnerability_id":"VCID-emmz-reus-3qav","summary":"XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1809","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32229","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32267","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32298","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205625","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205625"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2015-02-27"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2015-02-27/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1809","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1809"},{"reference_url":"https://github.com/advisories/GHSA-qj27-w92h-fc9r","reference_id":"GHSA-qj27-w92h-fc9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qj27-w92h-fc9r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1809","GHSA-qj27-w92h-fc9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emmz-reus-3qav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111721?format=json","vulnerability_id":"VCID-hdq6-1f1k-r7d7","summary":"Jenkins Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44076","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44101","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1812"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1812","GHSA-w5v7-q2j4-fvpf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq6-1f1k-r7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111617?format=json","vulnerability_id":"VCID-k313-wjg2-wbaw","summary":"Jenkins allows for Privilege Escalation by Remote Authenticated Users\nThe API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47258","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4719","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205616"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/57e78880cc035874bda916ef4d8d7fd7642af9db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1814"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9","reference_id":"GHSA-3269-jqp5-v8c9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3269-jqp5-v8c9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1814","GHSA-3269-jqp5-v8c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k313-wjg2-wbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111133?format=json","vulnerability_id":"VCID-px15-mdvh-8ybg","summary":"Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44076","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44101","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1813"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205615"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1813"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"},{"reference_url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q","reference_id":"GHSA-9h85-v6xf-h26q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9h85-v6xf-h26q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1813","GHSA-9h85-v6xf-h26q"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-px15-mdvh-8ybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113761?format=json","vulnerability_id":"VCID-s7kj-9zkw-ubdm","summary":"jenkins: directory traversal from artifacts via symlink (SECURITY-162)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31774","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31844","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31812","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622","reference_id":"1205622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1807"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7kj-9zkw-ubdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44162?format=json","vulnerability_id":"VCID-ss6w-thk4-7fd3","summary":"Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation\nThe HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63133","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63143","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1810"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205627"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810","reference_id":"CVE-2015-1810","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1810"},{"reference_url":"https://github.com/advisories/GHSA-37wm-28rm-56vw","reference_id":"GHSA-37wm-28rm-56vw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-37wm-28rm-56vw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1810","GHSA-37wm-28rm-56vw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss6w-thk4-7fd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111472?format=json","vulnerability_id":"VCID-v2df-dkjv-5kaz","summary":"XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1811","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31298","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31262","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31264","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1811"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205632"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2015-02-27"},{"reference_url":"https://jenkins.io/security/advisory/2015-02-27/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2015-02-27/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1811","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1811"},{"reference_url":"https://github.com/advisories/GHSA-qg7x-4h4q-3m49","reference_id":"GHSA-qg7x-4h4q-3m49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qg7x-4h4q-3m49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1844","reference_id":"RHSA-2015:1844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1844"}],"fixed_packages":[],"aliases":["CVE-2015-1811","GHSA-qg7x-4h4q-3m49"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2df-dkjv-5kaz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1%3Farch=el6op"}