{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","type":"maven","namespace":"org.jenkins-ci.main","name":"jenkins-core","version":"2.44","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.45","latest_non_vulnerable_version":"2.555","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9034?format=json","vulnerability_id":"VCID-wb3y-k94s-eyb4","summary":"Deserialization of Untrusted Data\nJenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2608","reference_id":"","reference_type":"","scores":[{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86617","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86507","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86519","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86546","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86593","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8661","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86605","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8646","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86478","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95953","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95953"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418724","reference_id":"1418724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2608","reference_id":"CVE-2017-2608","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2608"},{"reference_url":"https://github.com/advisories/GHSA-fwqr-3pvp-pjwq","reference_id":"GHSA-fwqr-3pvp-pjwq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwqr-3pvp-pjwq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27697?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.45","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.45"}],"aliases":["CVE-2017-2608","GHSA-fwqr-3pvp-pjwq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wb3y-k94s-eyb4"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9054?format=json","vulnerability_id":"VCID-1gnc-b5tg-3fhe","summary":"Inadequate Encryption Strength\nJenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2598","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18424","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18503","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18532","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18429","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18371","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18321","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18425","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18393","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18611","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1875","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18804","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18522","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18601","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2598"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95948","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418696","reference_id":"1418696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418696"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2598","reference_id":"CVE-2017-2598","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2598"},{"reference_url":"https://github.com/advisories/GHSA-r9q2-3r6x-qmgp","reference_id":"GHSA-r9q2-3r6x-qmgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r9q2-3r6x-qmgp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2598","GHSA-r9q2-3r6x-qmgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gnc-b5tg-3fhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9008?format=json","vulnerability_id":"VCID-2zwg-a71p-r7hs","summary":"Improper Privilege Management\nJenkins is vulnerable to an insufficient permission check for periodic processes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2611.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2611","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52604","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52653","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52622","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5266","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52667","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52602","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52517","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5257","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52615","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52579","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52564","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52608","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52603","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2611"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95956","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418729","reference_id":"1418729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418729"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2611","reference_id":"CVE-2017-2611","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2611"},{"reference_url":"https://github.com/advisories/GHSA-3297-944x-j7x7","reference_id":"GHSA-3297-944x-j7x7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3297-944x-j7x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2611","GHSA-3297-944x-j7x7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zwg-a71p-r7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9007?format=json","vulnerability_id":"VCID-6cw8-67c2-1ugk","summary":"Information Exposure\nJenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2606","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23648","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23874","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23893","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23838","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2369","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23532","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23614","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23682","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23628","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23864","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23807","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2606"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c51266b63719"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95962","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418717","reference_id":"1418717","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418717"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2606","reference_id":"CVE-2017-2606","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2606"},{"reference_url":"https://github.com/advisories/GHSA-6967-9vvv-4cmm","reference_id":"GHSA-6967-9vvv-4cmm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6967-9vvv-4cmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2606","GHSA-6967-9vvv-4cmm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cw8-67c2-1ugk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9033?format=json","vulnerability_id":"VCID-8u35-jee9-5qes","summary":"Information Exposure\nIn Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2600","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10198","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10211","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10152","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10106","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10086","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09966","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10116","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10185","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1016","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09952","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10077","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10171","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95954","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95954"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418703","reference_id":"1418703","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418703"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2600","reference_id":"CVE-2017-2600","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2600"},{"reference_url":"https://github.com/advisories/GHSA-wj5c-j656-h5fw","reference_id":"GHSA-wj5c-j656-h5fw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wj5c-j656-h5fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2600","GHSA-wj5c-j656-h5fw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u35-jee9-5qes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9031?format=json","vulnerability_id":"VCID-fndu-scdw-jueh","summary":"Improper Authentication\nIn Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2604","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24797","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25068","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25028","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24974","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24986","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24882","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24838","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24789","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24852","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24777","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25168","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24941","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25054","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2604"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95959","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418714","reference_id":"1418714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418714"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2604","reference_id":"CVE-2017-2604","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2604"},{"reference_url":"https://github.com/advisories/GHSA-m93h-5qmx-pphg","reference_id":"GHSA-m93h-5qmx-pphg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m93h-5qmx-pphg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2604","GHSA-m93h-5qmx-pphg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fndu-scdw-jueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9037?format=json","vulnerability_id":"VCID-h23h-s8t3-byhr","summary":"Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2610.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2610","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19042","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19221","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19144","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19037","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19026","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18982","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18861","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18944","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19007","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19129","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19262","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2610"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95951","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95951"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418727","reference_id":"1418727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418727"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2610","reference_id":"CVE-2017-2610","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2610"},{"reference_url":"https://github.com/advisories/GHSA-jff5-55xj-4jcq","reference_id":"GHSA-jff5-55xj-4jcq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jff5-55xj-4jcq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2610","GHSA-jff5-55xj-4jcq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h23h-s8t3-byhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9050?format=json","vulnerability_id":"VCID-hgy1-h6aj-dbbu","summary":"Information Exposure\nJenkins is vulnerable to an information disclosure vulnerability in search suggestions. The `autocomplete` feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2609.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2609.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2609","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24316","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2453","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24473","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24487","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24482","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24457","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24383","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24341","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24218","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24298","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2436","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24296","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24513","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2609"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319"},{"reference_url":"http://www.securityfocus.com/bid/95964","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418726","reference_id":"1418726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418726"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2609","reference_id":"CVE-2017-2609","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2609"},{"reference_url":"https://github.com/advisories/GHSA-v222-w2mw-xjc6","reference_id":"GHSA-v222-w2mw-xjc6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v222-w2mw-xjc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2609","GHSA-v222-w2mw-xjc6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgy1-h6aj-dbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9035?format=json","vulnerability_id":"VCID-kbj2-ymsz-5qe8","summary":"Information Exposure\nJenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2603","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06675","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06292","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06279","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06268","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06227","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06388","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06402","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06589","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06654","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0666","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06196","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06209","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06251","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95955","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95955"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418713","reference_id":"1418713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418713"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2603","reference_id":"CVE-2017-2603","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"},{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2603"},{"reference_url":"https://github.com/advisories/GHSA-x55p-6526-xmmp","reference_id":"GHSA-x55p-6526-xmmp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x55p-6526-xmmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2603","GHSA-x55p-6526-xmmp"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbj2-ymsz-5qe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9043?format=json","vulnerability_id":"VCID-kzfk-8p92-3bgs","summary":"Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2607","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14698","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14622","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14513","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1452","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14614","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14432","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14566","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14656","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14654","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14676","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14727","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14801","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14607","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14696","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14755","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14715","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2607"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2607"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"http://www.securityfocus.com/bid/95963","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418719","reference_id":"1418719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418719"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2607","reference_id":"CVE-2017-2607","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2607"},{"reference_url":"https://github.com/advisories/GHSA-42m6-7xff-9v9m","reference_id":"GHSA-42m6-7xff-9v9m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42m6-7xff-9v9m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2607","GHSA-42m6-7xff-9v9m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzfk-8p92-3bgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9030?format=json","vulnerability_id":"VCID-q58h-d9w2-8yez","summary":"Information Exposure\nJenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2602","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37018","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37571","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37585","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37551","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37525","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37553","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37488","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37155","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37037","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37104","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37123","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37043","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3744","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37507","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37558","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95952","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418711","reference_id":"1418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418711"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2602","reference_id":"CVE-2017-2602","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2602"},{"reference_url":"https://github.com/advisories/GHSA-ffgg-vphh-v273","reference_id":"GHSA-ffgg-vphh-v273","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffgg-vphh-v273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2602","GHSA-ffgg-vphh-v273"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q58h-d9w2-8yez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8950?format=json","vulnerability_id":"VCID-rhrm-caa2-9kae","summary":"Improper Privilege Management\nJenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2599","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36931","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3743","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37412","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37106","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3702","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36901","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36969","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36987","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36909","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37354","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37542","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3737","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37421","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37411","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2599"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95949","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95949"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418698","reference_id":"1418698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2599","reference_id":"CVE-2017-2599","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2599"},{"reference_url":"https://github.com/advisories/GHSA-7r4h-2h23-6jq9","reference_id":"GHSA-7r4h-2h23-6jq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7r4h-2h23-6jq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2599","GHSA-7r4h-2h23-6jq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhrm-caa2-9kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7994?format=json","vulnerability_id":"VCID-sanw-xj8r-1kbb","summary":"Information Exposure\nThe re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000362","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79346","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79219","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79221","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79218","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79276","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79289","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79309","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79327","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79328","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79145","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79195","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000362"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/0be33cf7328fad6a7596ce9505a74561a8b1eb85"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a572450f039fdb99410fcf6eb0ba307bd69ea458"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418716","reference_id":"1418716","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000362","reference_id":"CVE-2017-1000362","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000362"},{"reference_url":"https://github.com/advisories/GHSA-92mr-4w2q-4578","reference_id":"GHSA-92mr-4w2q-4578","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92mr-4w2q-4578"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24338?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@1.625","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625"},{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-1000362","GHSA-92mr-4w2q-4578"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sanw-xj8r-1kbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9027?format=json","vulnerability_id":"VCID-v2ky-wpb2-6qhk","summary":"Cross-site Scripting\nJenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2601","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5577","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55788","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55731","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55796","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55662","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55801","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55839","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55827","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2601"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/17/8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/22/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/06/22/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/30/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/06/30/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/19/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/10/19/3"},{"reference_url":"http://www.securityfocus.com/bid/95960","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418707","reference_id":"1418707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2601","reference_id":"CVE-2017-2601","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2601"},{"reference_url":"https://github.com/advisories/GHSA-r69c-5j7c-vm6q","reference_id":"GHSA-r69c-5j7c-vm6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r69c-5j7c-vm6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2601","GHSA-r69c-5j7c-vm6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ky-wpb2-6qhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9034?format=json","vulnerability_id":"VCID-wb3y-k94s-eyb4","summary":"Deserialization of Untrusted Data\nJenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2608","reference_id":"","reference_type":"","scores":[{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86617","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86507","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86519","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86546","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86593","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8661","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86605","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.8646","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02976","scoring_system":"epss","scoring_elements":"0.86478","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95953","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95953"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418724","reference_id":"1418724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2608","reference_id":"CVE-2017-2608","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2608"},{"reference_url":"https://github.com/advisories/GHSA-fwqr-3pvp-pjwq","reference_id":"GHSA-fwqr-3pvp-pjwq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwqr-3pvp-pjwq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"},{"url":"http://public2.vulnerablecode.io/api/packages/27697?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.45","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.45"}],"aliases":["CVE-2017-2608","GHSA-fwqr-3pvp-pjwq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wb3y-k94s-eyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9029?format=json","vulnerability_id":"VCID-yw8v-fqar-z7b5","summary":"Incorrect Permission Assignment for Critical Resource\nIn Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2612.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2612.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2612","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30359","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30837","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30473","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30404","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30411","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30335","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30863","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30855","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30913","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30943","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2612"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95957","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418730","reference_id":"1418730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418730"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2612","reference_id":"CVE-2017-2612","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:P"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2612"},{"reference_url":"https://github.com/advisories/GHSA-wf9g-rh76-6jvr","reference_id":"GHSA-wf9g-rh76-6jvr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf9g-rh76-6jvr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2612","GHSA-wf9g-rh76-6jvr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yw8v-fqar-z7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9032?format=json","vulnerability_id":"VCID-zb9r-zjt8-wqae","summary":"Cross-Site Request Forgery (CSRF)\nJenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2613.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2613","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18611","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18706","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18719","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18622","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18558","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18517","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18619","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18581","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18942","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18855","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18808","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2613"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2017-02-01"},{"reference_url":"https://jenkins.io/security/advisory/2017-02-01/","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2017-02-01/"},{"reference_url":"http://www.securityfocus.com/bid/95967","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418731","reference_id":"1418731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418731"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2613","reference_id":"CVE-2017-2613","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2613"},{"reference_url":"https://github.com/advisories/GHSA-pwv6-872c-gcg6","reference_id":"GHSA-pwv6-872c-gcg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwv6-872c-gcg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27482?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnc-b5tg-3fhe"},{"vulnerability":"VCID-2zwg-a71p-r7hs"},{"vulnerability":"VCID-6cw8-67c2-1ugk"},{"vulnerability":"VCID-8u35-jee9-5qes"},{"vulnerability":"VCID-fndu-scdw-jueh"},{"vulnerability":"VCID-h23h-s8t3-byhr"},{"vulnerability":"VCID-hgy1-h6aj-dbbu"},{"vulnerability":"VCID-kbj2-ymsz-5qe8"},{"vulnerability":"VCID-kzfk-8p92-3bgs"},{"vulnerability":"VCID-q58h-d9w2-8yez"},{"vulnerability":"VCID-rhrm-caa2-9kae"},{"vulnerability":"VCID-v2ky-wpb2-6qhk"},{"vulnerability":"VCID-wb3y-k94s-eyb4"},{"vulnerability":"VCID-yw8v-fqar-z7b5"},{"vulnerability":"VCID-zb9r-zjt8-wqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27483?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wb3y-k94s-eyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}],"aliases":["CVE-2017-2613","GHSA-pwv6-872c-gcg6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zb9r-zjt8-wqae"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.44"}