Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

Type maven

Namespace org.jenkins-ci.plugins.workflow

Name workflow-cps

Version 2648.2651.v230593e03e9f

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2656.vf7a

Latest_non_vulnerable_version 3993.v3e20a

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-hfgn-gzn3-hffc

vulnerability_id VCID-hfgn-gzn3-hffc

summary Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25173

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.39979
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25173

reference_url

https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_url

http://www.openwall.com/lists/oss-security/2022/02/15/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/15/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055733
reference_id	2055733
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055733

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25173

reference_id

CVE-2022-25173

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25173

reference_url

https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json

reference_id

CVE-2022-25173.JSON

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json

reference_url

https://github.com/advisories/GHSA-4m7p-55jm-3vwv

reference_id

GHSA-4m7p-55jm-3vwv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4m7p-55jm-3vwv

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a

aliases CVE-2022-25173, GHSA-4m7p-55jm-3vwv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfgn-gzn3-hffc

url VCID-nh7w-pqsb-tqdw

vulnerability_id VCID-nh7w-pqsb-tqdw

summary Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25176

reference_id

reference_type

scores

value	0.00642
scoring_system	epss
scoring_elements	0.71097
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25176

reference_url

https://github.com/jenkinsci/workflow-cps-plugin

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055787
reference_id	2055787
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055787

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25176

reference_id

CVE-2022-25176

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25176

reference_url

https://github.com/advisories/GHSA-6473-gqrj-4p65

reference_id

GHSA-6473-gqrj-4p65

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6473-gqrj-4p65

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_id

#SECURITY-2613

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:28Z/

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.92.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2.94.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

aliases CVE-2022-25176, GHSA-6473-gqrj-4p65

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh7w-pqsb-tqdw

url VCID-uvz6-5pyr-ekga

vulnerability_id VCID-uvz6-5pyr-ekga

summary Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25180

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12603
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25180

reference_url

https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055795
reference_id	2055795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055795

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25180

reference_id

CVE-2022-25180

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25180

reference_url

https://github.com/advisories/GHSA-qv6q-x9vr-w7j3

reference_id

GHSA-qv6q-x9vr-w7j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv6q-x9vr-w7j3

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457

aliases CVE-2022-25180, GHSA-qv6q-x9vr-w7j3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvz6-5pyr-ekga

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

Package Instance