{"url":"http://public2.vulnerablecode.io/api/packages/175117?format=json","purl":"pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op","type":"rpm","namespace":"redhat","name":"jenkins-plugin-openshift","version":"0.6.40.1-0","qualifiers":{"arch":"el6op"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111225?format=json","vulnerability_id":"VCID-23j3-mret-p3fu","summary":"Jenkins allows attackers to configure restricted projects\nJenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7330.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7330","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21229","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7330"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","sc
oring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7330","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7330"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067799","reference_id":"1067799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067799"}],"fixed_packages":[],"aliases":["CVE-2013-7330","GHSA-h5jv-hg68-mjhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23j3-mret-p3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112030?format=json","vulnerability_id":"VCID-44e7-q5az-kfdd","summary":"Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code\nJenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin 
code.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3667.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3667"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147770","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_element
s":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147770"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f0a29b562e14d837912c6b35fa4e81478563813a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3667","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3667"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}],"fixed_packages":[],"aliases":["CVE-2014-3667","GHSA-5xm3-48v5-6h7v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44e7-q5az-kfdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44133?format=jso
n","vulnerability_id":"VCID-4swh-vw4s-2kd3","summary":"Jenkins Denial of Service vulnerability\nCVE-2014-3661 jenkins: denial of service (SECURITY-87)","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3661","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.362","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147758","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147758"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3661","reference_id":"CVE-2014-3661","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redh
at.com/security/cve/CVE-2014-3661"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3661","reference_id":"CVE-2014-3661","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3661"},{"reference_url":"https://github.com/advisories/GHSA-r5m2-g5gc-q43r","reference_id":"GHSA-r5m2-g5gc-q43r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r5m2-g5gc-q43r"}],"fixed_packages":[],"aliases":["CVE-2014-3661","GHSA-r5m2-g5gc-q43r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4swh-vw4s-2kd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111430?format=json","vulnerability_id":"VCID-86yj-6jrx-audb","summary":"Jenkins Subversion Plugin Stores Credentials with Base64 Encoding\nThe Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials 
file.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6372.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-6372","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-6372"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6372","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19298","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1032391","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1032391"},{"reference_url":"https://github.com/jenkinsci/subversion-plugin","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://github.com/jenkinsci/subversion-plugin"},{"reference_url":"https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6372","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6372"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"}],"fixed_packages":[],"aliases":["CVE-2013-6372","GHSA-c4fr-gx5w-8qf2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86yj-6jrx-audb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114083?format=json","vulnerability_id":"VCID-8du4-pguk-xufz","summary":"OpenShift: /proc/net/tcp information 
disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3602","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15532","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131680","reference_id":"1131680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1796","reference_id":"RHSA-2014:1796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1906","reference_id":"RHSA-2014:1906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1906"}],"fixed_packages":[],"aliases":["CVE-2014-3602"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8du4-pguk-xufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111121?format=json","vulnerability_id":"VCID-dyzn-kn37-9ub7","summary":"Jenkins cross-site scripting (XSS) vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize 
cookie.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2065","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33382","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2065"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2065","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2065"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067820"
,"reference_id":"1067820","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067820"}],"fixed_packages":[],"aliases":["CVE-2014-2065","GHSA-fxj8-cqcp-3vgq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyzn-kn37-9ub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111952?format=json","vulnerability_id":"VCID-gngu-jj3a-8fhk","summary":"Jenkins cross-site scripting (XSS) vulnerability\nCross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a \"remote cause note.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2067","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28848","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2067"},{"reference_url":"http://seclists.org/oss-sec/2014/q1/421","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q1/421"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91354","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91354"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/je
nkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2067","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2067"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067832","reference_id":"1067832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067832"}],"fixed_packages":[],"aliases":["CVE-2014-2067","GHSA-vj6q-v2h7-6q5m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gngu-jj3a-8fhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112300?format=json","vulnerability_id":"VCID-jrar-ahy7-4ud5","summary":"Jenkins directory traversal vulnerability\nDirectory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job 
name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2059","reference_id":"","reference_type":"","scores":[{"value":"0.01968","scoring_system":"epss","scoring_elements":"0.83854","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2059"},{"reference_url":"http://seclists.org/oss-sec/2014/q1/421","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q1/421"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91346","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91346"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2059","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2059"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{
"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067801","reference_id":"1067801","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067801"}],"fixed_packages":[],"aliases":["CVE-2014-2059","GHSA-v759-3fh9-84mx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrar-ahy7-4ud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111483?format=json","vulnerability_id":"VCID-jutz-hc8r-vqbg","summary":"Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs\nJenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified 
vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3663.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3663"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2045","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3663"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147764","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147764"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3663","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3663"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"g
eneric_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}],"fixed_packages":[],"aliases":["CVE-2014-3663","GHSA-64mc-2m9p-23c8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jutz-hc8r-vqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111552?format=json","vulnerability_id":"VCID-k36j-f4b3-8bfj","summary":"Jenkins allows attackers to obtain passwords by reading the HTML source code\nThe input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2061","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52014","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2061"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2061","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2061"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067808","reference_id":"1067808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067808"}],"fixed_packages":[],"aliases":["CVE-2014-2061","GHSA-rxfv-gm5x-9wqj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k36j-f4b3-8bfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111205?format=json","vulnerability_id":"VCID-mq9r-9w5v-huca","summary":"Jenkins Monitoring Plugin allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3678.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3678.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3678","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3678"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3678","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3678"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147760","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147760"},{"reference_url":"https://github.com/jenkinsci/monitoring-plugin","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_e
lements":""}],"url":"https://github.com/jenkinsci/monitoring-plugin"},{"reference_url":"https://github.com/jenkinsci/monitoring-plugin/commit/f0f6aeef2032696c97d4b015dd51fa2b841b0473","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/monitoring-plugin/commit/f0f6aeef2032696c97d4b015dd51fa2b841b0473"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3678","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3678"},{"reference_url":"https://wiki.jenkins-ci.org/display/JENKINS/Monitoring","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/JENKINS/Monitoring"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}],"fixed_packages":[],"aliases":["CVE-2014-3678","GHSA-ghjw-fc9q-jj8c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq9r-9w5v-huca"},{"url":"http://publi
c2.vulnerablecode.io/api/vulnerabilities/112221?format=json","vulnerability_id":"VCID-p8y3-m68e-xfgn","summary":"Jenkins Path Traversal vulnerability\nDirectory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3664.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3664"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41046","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147765","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147765"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96973","reference_id":"","
reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96973"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3664","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3664"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}],"fixed_packages":[],"aliases":["CVE-2014-3664","GHSA-3gp5-92h5-h855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8y3-m68e-xfgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112413?format=json","vulnerability_id":"VCID-pd5w-n7r7-b7g8","summary":"Jenkins allows Remote Attackers to Hijack Sessions\nThe Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified 
vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2060","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34529","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2060"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2060","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2060"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_s
ystem":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067806","reference_id":"1067806","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067806"}],"fixed_packages":[],"aliases":["CVE-2014-2060","GHSA-9c26-cf8c-mw43"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5w-n7r7-b7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111258?format=json","vulnerability_id":"VCID-prkz-18vj-huam","summary":"Jenkins allows for Code Execution via Crafted Packet to the CLI\nJenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3666","reference_id":"","reference_type":"","scores":[{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.7933","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3666"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"}
,{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3666","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3666"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147769","reference_id":"1147769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147769"}],"fixed_packages":[],"aliases":["CVE-2014-3666","GHSA-fvfh-8mj3-23xj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prkz-18vj-huam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44140?format=json","vulnerability_id":"VCID-qctz-vs9y-s7fr","summary":"Jenkins allows Cross-Site Scripting (XSS) in User 
Configuration\nCross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.","references":[{"reference_url":"http://packetstormsecurity.com/files/124513","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/124513"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5573","reference_id":"","reference_type":"","scores":[{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82209","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5573"},{"reference_url":"http://seclists.org/bugtraq/2013/Dec/104","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2013/Dec/104"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Dec/159","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2013/Dec/159"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89872","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring
_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89872"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414"},{"reference_url":"http://www.exploit-db.com/exploits/30408","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/30408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1044976","reference_id":"1044976","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1044976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5573","reference_id":"CVE-2013-5573","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5573"},{"reference_url":"https://gitl
ab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt","reference_id":"CVE-2013-5573;OSVDB-101187","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt"},{"reference_url":"https://github.com/advisories/GHSA-52g6-pfrq-rxfv","reference_id":"GHSA-52g6-pfrq-rxfv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-52g6-pfrq-rxfv"}],"fixed_packages":[],"aliases":["CVE-2013-5573","GHSA-52g6-pfrq-rxfv"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qctz-vs9y-s7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43857?format=json","vulnerability_id":"VCID-qrku-1znm-6ken","summary":"Jenkins Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3681","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4837","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3681"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147766","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147766"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96975"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3681","reference_id":"CVE-2014-3681","re
ference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3681"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3681","reference_id":"CVE-2014-3681","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3681"},{"reference_url":"https://github.com/advisories/GHSA-cwh9-f8m6-6r63","reference_id":"GHSA-cwh9-f8m6-6r63","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cwh9-f8m6-6r63"}],"fixed_packages":[],"aliases":["CVE-2014-3681","GHSA-cwh9-f8m6-6r63"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrku-1znm-6ken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111477?format=json","vulnerability_id":"VCID-rczn-8mhg-r3gt","summary":"Jenkins allows attackers to determine whether a user exists\nThe loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login 
attempts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2064","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60301","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2064"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2064"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=106781
7","reference_id":"1067817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067817"}],"fixed_packages":[],"aliases":["CVE-2014-2064","GHSA-9vg9-x38g-9hfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rczn-8mhg-r3gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112289?format=json","vulnerability_id":"VCID-u5tc-wg7e-hugj","summary":"Jenkins Vulnerable to Clickjacking\nJenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2063","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62794","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2063"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6"},{"reference_url":"ht
tps://nvd.nist.gov/vuln/detail/CVE-2014-2063","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2063"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067812","reference_id":"1067812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067812"}],"fixed_packages":[],"aliases":["CVE-2014-2063","GHSA-w3f5-gq7j-m797"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5tc-wg7e-hugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111069?format=json","vulnerability_id":"VCID-wbmv-s3gz-xfe4","summary":"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nJenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login 
attempts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3662.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3662"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28403","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3662"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147759","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3662","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3662"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":
"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"}],"fixed_packages":[],"aliases":["CVE-2014-3662","GHSA-fxqr-px2m-fvc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbmv-s3gz-xfe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114002?format=json","vulnerability_id":"VCID-ww5y-dfs2-ubef","summary":"Enterprise: gears fail to properly isolate network traffic","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3674","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.61032","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3674"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148170","reference_id":"1148170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1796","reference_id":"RHSA-2014:1796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1906","reference_id":"RHSA-2014:1906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1906"}],"fixed_packages":[],"aliases":["CVE-2014-3674"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww5y-dfs2-ubef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111027?format=json","vulnerability_id":"VCID-xazs-qswk-97hg","summary":"Jenkins session 
fixation vulnerability\nSession fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the \"override\" of Jenkins cookies.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2066","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33578","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2066"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2066","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2066"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODE
RATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067827","reference_id":"1067827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067827"}],"fixed_packages":[],"aliases":["CVE-2014-2066","GHSA-8jfx-h6q2-v4g3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xazs-qswk-97hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110957?format=json","vulnerability_id":"VCID-z5nz-eya3-ebez","summary":"Jenkins allows attackers to obtain sensitive information\nThe doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2068","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24658","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2068"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci
/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2068","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2068"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067835","reference_id":"1067835","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067835"}],"fixed_packages":[],"aliases":["CVE-2014-2068","GHSA-pv88-j6rg-r56p"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5nz-eya3-ebez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112196?format=json","vulnerability_id":"VCID-zwgz-acg7-sbh3","summary":"Jenkins does not invalidate the API token when a user is deleted\nJenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the 
token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2062","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40227","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2062"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2062","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2062"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/21/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067811",
"reference_id":"1067811","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1067811"}],"fixed_packages":[],"aliases":["CVE-2014-2062","GHSA-vxc6-wvh8-fpxw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgz-acg7-sbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44180?format=json","vulnerability_id":"VCID-zyc8-haw1-53dc","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nCVE-2014-3665 jenkins: remote code execution from slaves (SECURITY-144)","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2014:1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2014:1630"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3665","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57938","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3665"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147767","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147767"},{"reference_url":"https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control"},{"reference_ur
l":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3665","reference_id":"CVE-2014-3665","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3665"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3665","reference_id":"CVE-2014-3665","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3665"},{"reference_url":"https://github.com/advisories/GHSA-66cr-6whx-732p","reference_id":"GHSA-66cr-6whx-732p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66cr-6whx-732p"}],"fixed_packages":[],"aliases":["CVE-2014-3665","GHSA-66cr-6whx-732p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyc8-haw1-53dc"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0%3Farch=el6op"}