Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/plain-credentials@183.va

Type maven

Namespace org.jenkins-ci.plugins

Name plain-credentials

Version 183.va

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-sw8s-1pnd-hyds

vulnerability_id VCID-sw8s-1pnd-hyds

summary In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39459.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39459

reference_id

reference_type

scores

value	0.00162
scoring_system	epss
scoring_elements	0.36871
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39459

reference_url

https://github.com/jenkinsci/plain-credentials-plugin

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/plain-credentials-plugin

reference_url

https://github.com/jenkinsci/plain-credentials-plugin/commit/ade8f1dd5a2bc69357995fd50baac56d73f80813

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/plain-credentials-plugin/commit/ade8f1dd5a2bc69357995fd50baac56d73f80813

reference_url

http://www.openwall.com/lists/oss-security/2024/06/26/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T18:32:42Z/

url

http://www.openwall.com/lists/oss-security/2024/06/26/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2294463
reference_id	2294463
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2294463

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-39459

reference_id

CVE-2024-39459

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-39459

reference_url

https://github.com/advisories/GHSA-3cpq-rw36-cppv

reference_id

GHSA-3cpq-rw36-cppv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3cpq-rw36-cppv

reference_url

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495

reference_id

#SECURITY-2495

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T18:32:42Z/

url

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/plain-credentials@183.va
purl	pkg:maven/org.jenkins-ci.plugins/plain-credentials@183.va
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/plain-credentials@183.va

aliases CVE-2024-39459, GHSA-3cpq-rw36-cppv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw8s-1pnd-hyds

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/plain-credentials@183.va

Package Instance