{"url":"http://public2.vulnerablecode.io/api/packages/244947?format=json","purl":"pkg:rpm/redhat/jenkins@1.625.3-1?arch=el6op","type":"rpm","namespace":"redhat","name":"jenkins","version":"1.625.3-1","qualifiers":{"arch":"el6op"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61600?format=json","vulnerability_id":"VCID-6ee4-nc65-1kge","summary":"Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5326","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25798","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5326"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5326","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282369","reference_id":"1282369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282369"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-5mwr-jg3r-jv66","reference_id":"GHSA-5mwr-jg3r-jv66","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mwr-jg3r-jv66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5326","GHSA-5mwr-jg3r-jv66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ee4-nc65-1kge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60221?format=json","vulnerability_id":"VCID-7696-j5a5-4kgx","summary":"Jenkins allows Bypass of Access Restrictions\nJenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5325","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24792","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5325"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5325","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282368","reference_id":"1282368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282368"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-x2q2-8pwq-fr5r","reference_id":"GHSA-x2q2-8pwq-fr5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2q2-8pwq-fr5r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5325","GHSA-x2q2-8pwq-fr5r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7696-j5a5-4kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55054?format=json","vulnerability_id":"VCID-8bcj-e5ay-yud4","summary":"Jenkins has Local File Inclusion Vulnerability\nDirectory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5322","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37225","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5322"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5322","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282365","reference_id":"1282365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282365"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-89vc-7frq-2rfj","reference_id":"GHSA-89vc-7frq-2rfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89vc-7frq-2rfj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5322","GHSA-89vc-7frq-2rfj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bcj-e5ay-yud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55244?format=json","vulnerability_id":"VCID-anzg-hqax-yugk","summary":"Jenkins allows Unauthorized Viewing of Queue API Information\nJenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5324","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37076","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5324"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5324","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5324"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282367","reference_id":"1282367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282367"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-5xmf-9vgr-53mj","reference_id":"GHSA-5xmf-9vgr-53mj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xmf-9vgr-53mj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5324","GHSA-5xmf-9vgr-53mj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anzg-hqax-yugk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61699?format=json","vulnerability_id":"VCID-aqhe-tbw8-ukav","summary":"Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI\nXML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5319","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39751","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5319"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5319","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282362","reference_id":"1282362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282362"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-3j9c-cp7m-8w8g","reference_id":"GHSA-3j9c-cp7m-8w8g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3j9c-cp7m-8w8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5319","GHSA-3j9c-cp7m-8w8g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqhe-tbw8-ukav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60489?format=json","vulnerability_id":"VCID-edsq-81tz-5be7","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5318","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22795","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5318"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5318","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5318"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282361","reference_id":"1282361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282361"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-3wmv-7php-rhg5","reference_id":"GHSA-3wmv-7php-rhg5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wmv-7php-rhg5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5318","GHSA-3wmv-7php-rhg5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edsq-81tz-5be7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61429?format=json","vulnerability_id":"VCID-fdwv-qjun-kkhs","summary":"Jenkins discloses project names via fingerprints\nThe Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5317","reference_id":"","reference_type":"","scores":[{"value":"0.39696","scoring_system":"epss","scoring_elements":"0.97381","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5317"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5317","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5317"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282359","reference_id":"1282359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282359"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/"}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-8pqx-3rxx-f5pm","reference_id":"GHSA-8pqx-3rxx-f5pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pqx-3rxx-f5pm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5317","GHSA-8pqx-3rxx-f5pm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdwv-qjun-kkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60321?format=json","vulnerability_id":"VCID-jhmu-bp4q-jkgw","summary":"Jenkins does not Verify Checksums for Plugin Files\nThe Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7539","reference_id":"","reference_type":"","scores":[{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73791","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7539"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7539","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7539"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291798","reference_id":"1291798","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291798"},{"reference_url":"https://github.com/advisories/GHSA-x274-9m9r-fm5g","reference_id":"GHSA-x274-9m9r-fm5g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x274-9m9r-fm5g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7539","GHSA-x274-9m9r-fm5g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhmu-bp4q-jkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60547?format=json","vulnerability_id":"VCID-pumx-899y-zfgp","summary":"Improper Input Validation in Apache ActiveMQ\nApache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.","references":[{"reference_url":"http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2035.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2035.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2036.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2036.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5254.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5254","reference_id":"","reference_type":"","scores":[{"value":"0.8038","scoring_system":"epss","scoring_elements":"0.99146","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5254"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/6f03921b31d9fefeddb0f4fa63150ed1f94a14b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/6f03921b31d9fefeddb0f4fa63150ed1f94a14b"},{"reference_url":"https://github.com/apache/activemq/commit/73a0caf758f9e4916783a205c7e422b4db27905","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/73a0caf758f9e4916783a205c7e422b4db27905"},{"reference_url":"https://github.com/apache/activemq/commit/7eb9b218b2705cf9273e30ee2da026e43b6dd4e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/7eb9b218b2705cf9273e30ee2da026e43b6dd4e"},{"reference_url":"https://github.com/apache/activemq/commit/a7e2a44fe8d4435ae99532eb0ab852e6247f7b16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/activemq/commit/a7e2a44fe8d4435ae99532eb0ab852e6247f7b16"},{"reference_url":"https://github.com/apache/activemq/commit/d7a3b9406b8496c3f1508bebf3c7ff5367374b90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/activemq/commit/d7a3b9406b8496c3f1508bebf3c7ff5367374b90"},{"reference_url":"https://github.com/apache/activemq/commit/e100638244c4ca5eb2a1f16bcdc671c9859c2694","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/activemq/commit/e100638244c4ca5eb2a1f16bcdc671c9859c2694"},{"reference_url":"https://github.com/apache/activemq/commit/e7a4b53f799685e337972dd36ba0253c04bcc01","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/e7a4b53f799685e337972dd36ba0253c04bcc01"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-6013","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-6013"},{"reference_url":"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5254","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5254"},{"reference_url":"http://www.debian.org/security/2016/dsa-3524","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3524"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/12/08/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/12/08/6"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291292","reference_id":"1291292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291292"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809733","reference_id":"809733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809733"},{"reference_url":"https://github.com/advisories/GHSA-q9hr-3pg4-3jp4","reference_id":"GHSA-q9hr-3pg4-3jp4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9hr-3pg4-3jp4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2035","reference_id":"RHSA-2016:2035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2036","reference_id":"RHSA-2016:2036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2036"}],"fixed_packages":[],"aliases":["CVE-2015-5254","GHSA-q9hr-3pg4-3jp4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pumx-899y-zfgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57238?format=json","vulnerability_id":"VCID-rfuk-qnhc-qkfr","summary":"Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor\nJenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5320","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30672","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5320"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5320","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282363","reference_id":"1282363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282363"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-449q-v4j2-5h8p","reference_id":"GHSA-449q-v4j2-5h8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-449q-v4j2-5h8p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5320","GHSA-449q-v4j2-5h8p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfuk-qnhc-qkfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56421?format=json","vulnerability_id":"VCID-s39n-453y-gkbw","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nCross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7537","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7537"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7537","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7537"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291795","reference_id":"1291795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291795"},{"reference_url":"https://github.com/advisories/GHSA-3vhr-f5xr-8vpx","reference_id":"GHSA-3vhr-f5xr-8vpx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vhr-f5xr-8vpx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7537","GHSA-3vhr-f5xr-8vpx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s39n-453y-gkbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53538?format=json","vulnerability_id":"VCID-s436-9sc1-57dw","summary":"Jenkins allows Administrators to Access API Tokens\nJenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5323","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37268","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5323"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5323","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5323"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282366","reference_id":"1282366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282366"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-x4m5-j4x4-4wjg","reference_id":"GHSA-x4m5-j4x4-4wjg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4m5-j4x4-4wjg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5323","GHSA-x4m5-j4x4-4wjg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s436-9sc1-57dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59392?format=json","vulnerability_id":"VCID-vsjs-nh3k-suf1","summary":"Jenkins has Information Disclosure via Sidepanel Widget\nThe sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5321","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30672","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5321"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5321","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5321"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282364","reference_id":"1282364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282364"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-4653-rmch-3g2g","reference_id":"GHSA-4653-rmch-3g2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4653-rmch-3g2g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-5321","GHSA-4653-rmch-3g2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsjs-nh3k-suf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56752?format=json","vulnerability_id":"VCID-y98n-4vek-qqae","summary":"Jenkins CLI Deserialization of Untrusted Data vulnerability\nThe Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic `webapps/ROOT/WEB-INF/lib/commons-collections-*.jar` file and the \"Groovy variant in `ysoserial`\".","references":[{"reference_url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins"},{"reference_url":"http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8103","reference_id":"","reference_type":"","scores":[{"value":"0.86333","scoring_system":"epss","scoring_elements":"0.99419","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8103"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c"},{"reference_url":"https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8103","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8103"},{"reference_url":"https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636"},{"reference_url":"https://www.exploit-db.com/exploits/38983","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/38983"},{"reference_url":"https://www.exploit-db.com/exploits/38983/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/38983/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/09/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/09/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/18/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/11/18/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282371","reference_id":"1282371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282371"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/38983.rb"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11","reference_id":"CVE-2015-8103;OSVDB-130184","reference_type":"exploit","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"},{"reference_url":"https://github.com/advisories/GHSA-wfw7-6632-xcv2","reference_id":"GHSA-wfw7-6632-xcv2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfw7-6632-xcv2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-8103","GHSA-wfw7-6632-xcv2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y98n-4vek-qqae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55853?format=json","vulnerability_id":"VCID-z8u1-jrvf-43d7","summary":"Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0489.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0070","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0070"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7538","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46405","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7538"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/ba747888108d0db90d469c6d210b1df465d8fac1"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/ef2c0dc163695af3a57ad7a45571293377ff679b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7538","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7538"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291797","reference_id":"1291797","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291797"},{"reference_url":"https://github.com/advisories/GHSA-w7qm-fprw-cqgq","reference_id":"GHSA-w7qm-fprw-cqgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7qm-fprw-cqgq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0489","reference_id":"RHSA-2016:0489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0489"}],"fixed_packages":[],"aliases":["CVE-2015-7538","GHSA-w7qm-fprw-cqgq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8u1-jrvf-43d7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.625.3-1%3Farch=el6op"}