{"url":"http://public2.vulnerablecode.io/api/packages/25541?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/deployer-framework@85.v1d1888e8c021","type":"maven","namespace":"org.jenkins-ci.plugins","name":"deployer-framework","version":"85.v1d1888e8c021","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"86.v7b_a_4a_55b_f3ec","latest_non_vulnerable_version":"86.v7b_a_4a_55b_f3ec","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211102?format=json","vulnerability_id":"VCID-fj24-q2zv-5kge","summary":"Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36889","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75768","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75698","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36889"},{"reference_url":"https://github.com/jenkinsci/deployer-framework-plugin","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/deployer-framework-plugin"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2764","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2764"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36889","reference_id":"CVE-2022-36889","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36889"},{"reference_url":"https://github.com/advisories/GHSA-j5qq-6rpm-qjgh","reference_id":"GHSA-j5qq-6rpm-qjgh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5qq-6rpm-qjgh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25542?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec"}],"aliases":["CVE-2022-36889","GHSA-j5qq-6rpm-qjgh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj24-q2zv-5kge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211104?format=json","vulnerability_id":"VCID-vq1k-v2j9-5fd3","summary":"Jenkins Deployer Framework Plugin vulnerable to Path Traversal","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36890","reference_id":"","reference_type":"","scores":[{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71705","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71619","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36890"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2206","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36890","reference_id":"CVE-2022-36890","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36890"},{"reference_url":"https://github.com/advisories/GHSA-hgp9-2c4w-x9mh","reference_id":"GHSA-hgp9-2c4w-x9mh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgp9-2c4w-x9mh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25542?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec"}],"aliases":["CVE-2022-36890","GHSA-hgp9-2c4w-x9mh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq1k-v2j9-5fd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211122?format=json","vulnerability_id":"VCID-wd8e-va6s-kycx","summary":"Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36891","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36597","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36416","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36891"},{"reference_url":"https://github.com/jenkinsci/deployer-framework-plugin/commit/7ba4a55bf3ec567ee5325ea7b24b4086ac1cb3ad","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/deployer-framework-plugin/commit/7ba4a55bf3ec567ee5325ea7b24b4086ac1cb3ad"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2205","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36891","reference_id":"CVE-2022-36891","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36891"},{"reference_url":"https://github.com/advisories/GHSA-rqqx-fvqx-539g","reference_id":"GHSA-rqqx-fvqx-539g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqqx-fvqx-539g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25542?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/deployer-framework@86.v7b_a_4a_55b_f3ec"}],"aliases":["CVE-2022-36891","GHSA-rqqx-fvqx-539g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd8e-va6s-kycx"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/deployer-framework@85.v1d1888e8c021"}