{"url":"http://public2.vulnerablecode.io/api/packages/338945?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1?arch=el8","type":"rpm","namespace":"redhat","name":"jenkins-2-plugins","version":"4.9.1675668922-1","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211516?format=json","vulnerability_id":"VCID-1hvx-2h1t-n7hj","summary":"Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45379.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45379","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58812","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.587","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58817","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58827","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45379"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143090","reference_id":"2143090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45379","reference_id":"CVE-2022-45379","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45379"},{"reference_url":"https://github.com/advisories/GHSA-fv42-mx39-6fpw","reference_id":"GHSA-fv42-mx39-6fpw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fv42-mx39-6fpw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-45379","GHSA-fv42-mx39-6fpw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvx-2h1t-n7hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208087?format=json","vulnerability_id":"VCID-24zg-76th-b7a9","summary":"PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7692","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25684","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25884","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25901","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25883","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692"},{"reference_url":"https://github.com/googleapis/google-oauth-java-client","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/googleapis/google-oauth-java-client"},{"reference_url":"https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824"},{"reference_url":"https://github.com/googleapis/google-oauth-java-client/issues/469","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/googleapis/google-oauth-java-client/issues/469"},{"reference_url":"https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7692","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7692"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276"},{"reference_url":"https://tools.ietf.org/html/rfc7636%23section-1","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tools.ietf.org/html/rfc7636%23section-1"},{"reference_url":"https://tools.ietf.org/html/rfc8252%23section-8.1","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tools.ietf.org/html/rfc8252%23section-8.1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856376","reference_id":"1856376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856376"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944","reference_id":"988944","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944"},{"reference_url":"https://github.com/advisories/GHSA-f263-c949-w85g","reference_id":"GHSA-f263-c949-w85g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f263-c949-w85g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3299","reference_id":"RHSA-2023:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6172","reference_id":"RHSA-2023:6172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0778","reference_id":"RHSA-2024:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0778"}],"fixed_packages":[],"aliases":["CVE-2020-7692","GHSA-f263-c949-w85g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24zg-76th-b7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211468?format=json","vulnerability_id":"VCID-282p-1cbn-1ydr","summary":"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43404.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43404","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40262","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4043","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40441","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40452","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43404"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136383","reference_id":"2136383","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136383"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43404","reference_id":"CVE-2022-43404","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43404"},{"reference_url":"https://github.com/advisories/GHSA-27rf-8mjp-r363","reference_id":"GHSA-27rf-8mjp-r363","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27rf-8mjp-r363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43404","GHSA-27rf-8mjp-r363"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-282p-1cbn-1ydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163169?format=json","vulnerability_id":"VCID-2ef9-4t7c-9kd6","summary":"Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43407.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43407","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0545","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05458","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05464","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05439","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43407"},{"reference_url":"https://github.com/jenkinsci/pipeline-input-step-plugin","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-input-step-plugin"},{"reference_url":"https://github.com/jenkinsci/pipeline-input-step-plugin/commit/d8a957db5be95ddfbf81f41a60b2f034000314b5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-input-step-plugin/commit/d8a957db5be95ddfbf81f41a60b2f034000314b5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136386","reference_id":"2136386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136386"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/19/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T19:25:07Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/10/19/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43407","reference_id":"CVE-2022-43407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43407"},{"reference_url":"https://github.com/advisories/GHSA-g66m-fqxf-3w35","reference_id":"GHSA-g66m-fqxf-3w35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g66m-fqxf-3w35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880","reference_id":"#SECURITY-2880","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T19:25:07Z/"}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880"}],"fixed_packages":[],"aliases":["CVE-2022-43407","GHSA-g66m-fqxf-3w35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ef9-4t7c-9kd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211467?format=json","vulnerability_id":"VCID-2gbh-nhbd-vyb3","summary":"Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43405.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43405","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41483","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41648","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41656","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41666","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43405"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136374","reference_id":"2136374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136374"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43405","reference_id":"CVE-2022-43405","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43405"},{"reference_url":"https://github.com/advisories/GHSA-4hjj-9gp7-4frg","reference_id":"GHSA-4hjj-9gp7-4frg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hjj-9gp7-4frg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43405","GHSA-4hjj-9gp7-4frg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gbh-nhbd-vyb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166013?format=json","vulnerability_id":"VCID-44sb-6uzy-3be8","summary":"Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45380.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45380","reference_id":"","reference_type":"","scores":[{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84841","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84848","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.8484","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45380"},{"reference_url":"https://github.com/jenkinsci/junit-plugin","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/junit-plugin"},{"reference_url":"https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143086","reference_id":"2143086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143086"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/15/4","reference_id":"4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:11:41Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/15/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45380","reference_id":"CVE-2022-45380","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45380"},{"reference_url":"https://github.com/advisories/GHSA-298r-5c48-7q2r","reference_id":"GHSA-298r-5c48-7q2r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-298r-5c48-7q2r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888","reference_id":"#SECURITY-2888","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T14:11:41Z/"}],"url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"}],"fixed_packages":[],"aliases":["CVE-2022-45380","GHSA-298r-5c48-7q2r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44sb-6uzy-3be8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211470?format=json","vulnerability_id":"VCID-6edu-x9e7-mqg4","summary":"Jenkins Script Security Plugin sandbox bypass vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43403.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43403","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54028","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53903","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54032","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.54046","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43403"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)"},{"reference_url":"https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now"},{"reference_url":"https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/","reference_id":"","reference_type":"","scores":[],"url":"https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136382","reference_id":"2136382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136382"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43403","reference_id":"CVE-2022-43403","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43403"},{"reference_url":"https://github.com/advisories/GHSA-f6mq-6fx5-w2ch","reference_id":"GHSA-f6mq-6fx5-w2ch","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6mq-6fx5-w2ch"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43403","GHSA-f6mq-6fx5-w2ch"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6edu-x9e7-mqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211134?format=json","vulnerability_id":"VCID-6fdz-pavg-uydu","summary":"Lack of authentication mechanism in Jenkins Git Plugin webhook","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36884.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36884","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57814","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57821","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57699","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.5783","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36884"},{"reference_url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119657","reference_id":"2119657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119657"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36884","reference_id":"CVE-2022-36884","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36884"},{"reference_url":"https://github.com/advisories/GHSA-449w-c77c-vmf6","reference_id":"GHSA-449w-c77c-vmf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-449w-c77c-vmf6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-36884","GHSA-449w-c77c-vmf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fdz-pavg-uydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163164?format=json","vulnerability_id":"VCID-79jf-4v34-5feg","summary":"Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43409.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43409.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43409","reference_id":"","reference_type":"","scores":[{"value":"0.04368","scoring_system":"epss","scoring_elements":"0.89248","published_at":"2026-06-14T12:55:00Z"},{"value":"0.04368","scoring_system":"epss","scoring_elements":"0.89239","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04368","scoring_system":"epss","scoring_elements":"0.89202","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43409"},{"reference_url":"https://github.com/jenkinsci/workflow-support-plugin","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-support-plugin"},{"reference_url":"https://github.com/jenkinsci/workflow-support-plugin/commit/35e2736cfd5c56799eece176328906d92b6a0dd1","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-support-plugin/commit/35e2736cfd5c56799eece176328906d92b6a0dd1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136391","reference_id":"2136391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136391"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/19/3","reference_id":"3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:01Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/10/19/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43409","reference_id":"CVE-2022-43409","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43409"},{"reference_url":"https://github.com/advisories/GHSA-64r9-x74q-wxmh","reference_id":"GHSA-64r9-x74q-wxmh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64r9-x74q-wxmh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881","reference_id":"#SECURITY-2881","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:01Z/"}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881"}],"fixed_packages":[],"aliases":["CVE-2022-43409","GHSA-64r9-x74q-wxmh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79jf-4v34-5feg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166009?format=json","vulnerability_id":"VCID-8drq-ax12-d7h5","summary":"Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45381.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45381","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54682","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54698","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54681","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45381"},{"reference_url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin"},{"reference_url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/01be8ac0045027128fc1e9cf3a8b0709d08291ea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/01be8ac0045027128fc1e9cf3a8b0709d08291ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143089","reference_id":"2143089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2143089"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/15/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:10:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/15/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45381","reference_id":"CVE-2022-45381","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45381"},{"reference_url":"https://github.com/advisories/GHSA-3g9q-cmgv-g4p6","reference_id":"GHSA-3g9q-cmgv-g4p6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3g9q-cmgv-g4p6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949","reference_id":"#SECURITY-2949","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T14:10:21Z/"}],"url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949"}],"fixed_packages":[],"aliases":["CVE-2022-45381","GHSA-3g9q-cmgv-g4p6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8drq-ax12-d7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11661?format=json","vulnerability_id":"VCID-f9a3-vz93-zqcq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25857","reference_id":"","reference_type":"","scores":[{"value":"0.02005","scoring_system":"epss","scoring_elements":"0.84118","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02005","scoring_system":"epss","scoring_elements":"0.84123","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0292","scoring_system":"epss","scoring_elements":"0.86748","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0292","scoring_system":"epss","scoring_elements":"0.867","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25857"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/525","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jruby/jruby/issues/7342","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/jruby/jruby/issues/7342"},{"reference_url":"https://github.com/snakeyaml/snakeyaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snakeyaml/snakeyaml"},{"reference_url":"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240315-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240315-0010"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218","reference_id":"1019218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2126789","reference_id":"2126789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2126789"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25857","reference_id":"CVE-2022-25857","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25857"},{"reference_url":"https://github.com/advisories/GHSA-3mc7-4q67-w48m","reference_id":"GHSA-3mc7-4q67-w48m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mc7-4q67-w48m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6757","reference_id":"RHSA-2022:6757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6820","reference_id":"RHSA-2022:6820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6821","reference_id":"RHSA-2022:6821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6822","reference_id":"RHSA-2022:6822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6823","reference_id":"RHSA-2022:6823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6825","reference_id":"RHSA-2022:6825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6941","reference_id":"RHSA-2022:6941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8524","reference_id":"RHSA-2022:8524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4983","reference_id":"RHSA-2023:4983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6172","reference_id":"RHSA-2023:6172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6179","reference_id":"RHSA-2023:6179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7288","reference_id":"RHSA-2023:7288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7697","reference_id":"RHSA-2023:7697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0776","reference_id":"RHSA-2024:0776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0777","reference_id":"RHSA-2024:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0778","reference_id":"RHSA-2024:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4226","reference_id":"RHSA-2025:4226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/5944-1/","reference_id":"USN-5944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5944-1/"}],"fixed_packages":[],"aliases":["CVE-2022-25857","GHSA-3mc7-4q67-w48m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9a3-vz93-zqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211130?format=json","vulnerability_id":"VCID-kshy-a9qd-9ue3","summary":"Lack of authentication mechanism in Jenkins Git Plugin webhook","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36883.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36883","reference_id":"","reference_type":"","scores":[{"value":"0.8079","scoring_system":"epss","scoring_elements":"0.99172","published_at":"2026-06-14T12:55:00Z"},{"value":"0.8079","scoring_system":"epss","scoring_elements":"0.99169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36883"},{"reference_url":"https://github.com/jenkinsci/git-plugin","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-plugin"},{"reference_url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119656","reference_id":"2119656","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119656"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36883","reference_id":"CVE-2022-36883","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36883"},{"reference_url":"https://github.com/advisories/GHSA-v878-67xw-grw2","reference_id":"GHSA-v878-67xw-grw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v878-67xw-grw2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-36883","GHSA-v878-67xw-grw2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kshy-a9qd-9ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351775?format=json","vulnerability_id":"VCID-pae5-c62h-q7a9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30952.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30952","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31772","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3196","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31977","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31956","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30952"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/commit/c4beeda0b574c297ac664511029feed0a15abaf1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin/commit/c4beeda0b574c297ac664511029feed0a15abaf1"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/tree/master/blueocean-pipeline-scm-api","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin/tree/master/blueocean-pipeline-scm-api"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30952","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30952"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/17/8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119645","reference_id":"2119645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119645"},{"reference_url":"https://github.com/advisories/GHSA-g74w-93cp-5p3p","reference_id":"GHSA-g74w-93cp-5p3p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g74w-93cp-5p3p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"}],"fixed_packages":[],"aliases":["CVE-2022-30952","GHSA-g74w-93cp-5p3p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pae5-c62h-q7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165855?format=json","vulnerability_id":"VCID-pe9e-5tw4-rfbf","summary":"Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45047.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45047.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45047","reference_id":"","reference_type":"","scores":[{"value":"0.05991","scoring_system":"epss","scoring_elements":"0.90917","published_at":"2026-06-14T12:55:00Z"},{"value":"0.05991","scoring_system":"epss","scoring_elements":"0.90918","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05991","scoring_system":"epss","scoring_elements":"0.90911","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05991","scoring_system":"epss","scoring_elements":"0.90882","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45047"},{"reference_url":"https://github.com/apache/mina-sshd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/mina-sshd"},{"reference_url":"https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32"},{"reference_url":"https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0"},{"reference_url":"https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5"},{"reference_url":"https://www.mail-archive.com/dev@mina.apache.org/msg39312.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2145194","reference_id":"2145194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2145194"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45047","reference_id":"CVE-2022-45047","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45047"},{"reference_url":"https://github.com/advisories/GHSA-fhw8-8j55-vwgq","reference_id":"GHSA-fhw8-8j55-vwgq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fhw8-8j55-vwgq"},{"reference_url":"https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html","reference_id":"msg39312.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-01T03:55:36Z/"}],"url":"https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240216-0008/","reference_id":"ntap-20240216-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-01T03:55:36Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240216-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8957","reference_id":"RHSA-2022:8957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0074","reference_id":"RHSA-2023:0074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0758","reference_id":"RHSA-2023:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4983","reference_id":"RHSA-2023:4983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5396","reference_id":"RHSA-2023:5396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[],"aliases":["CVE-2022-45047","GHSA-fhw8-8j55-vwgq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe9e-5tw4-rfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351769?format=json","vulnerability_id":"VCID-r8x8-fygj-77bn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30946.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30946","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27834","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28032","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28057","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30946"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin"},{"reference_url":"https://github.com/jenkinsci/script-security-plugin/commit/35f6a0b8207ed3a32a85f27c1312da6cd738eeaa","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/script-security-plugin/commit/35f6a0b8207ed3a32a85f27c1312da6cd738eeaa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30946","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30946"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/17/8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119643","reference_id":"2119643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119643"},{"reference_url":"https://github.com/advisories/GHSA-qwgx-mrv5-87j8","reference_id":"GHSA-qwgx-mrv5-87j8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwgx-mrv5-87j8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-30946","GHSA-qwgx-mrv5-87j8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8x8-fygj-77bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211465?format=json","vulnerability_id":"VCID-udcj-gpwk-uudj","summary":"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43401.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43401","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45829","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45974","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45968","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45982","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43401"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136381","reference_id":"2136381","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136381"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43401","reference_id":"CVE-2022-43401","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43401"},{"reference_url":"https://github.com/advisories/GHSA-7vr5-72w7-q6jc","reference_id":"GHSA-7vr5-72w7-q6jc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vr5-72w7-q6jc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43401","GHSA-7vr5-72w7-q6jc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udcj-gpwk-uudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211132?format=json","vulnerability_id":"VCID-vftd-1z64-mba7","summary":"Lack of authentication mechanism in Jenkins Git Plugin webhook","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36882.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36882.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36882","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67139","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67047","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67152","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36882"},{"reference_url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116840","reference_id":"2116840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116840"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36882","reference_id":"CVE-2022-36882","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36882"},{"reference_url":"https://github.com/advisories/GHSA-8xwj-2wgh-gprh","reference_id":"GHSA-8xwj-2wgh-gprh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xwj-2wgh-gprh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-36882","GHSA-8xwj-2wgh-gprh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vftd-1z64-mba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211469?format=json","vulnerability_id":"VCID-vm4d-svqb-dfh6","summary":"Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43406.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43406.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43406","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41483","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41648","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41656","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41666","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43406"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136370","reference_id":"2136370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136370"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43406","reference_id":"CVE-2022-43406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43406"},{"reference_url":"https://github.com/advisories/GHSA-7qw2-h9gj-hcvh","reference_id":"GHSA-7qw2-h9gj-hcvh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7qw2-h9gj-hcvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43406","GHSA-7qw2-h9gj-hcvh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vm4d-svqb-dfh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351777?format=json","vulnerability_id":"VCID-vyvx-hyzd-zkan","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30954","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16551","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.167","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16711","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16684","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30954"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30954","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30954"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/17/8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119647","reference_id":"2119647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119647"},{"reference_url":"https://github.com/advisories/GHSA-5m4q-x28v-q6wp","reference_id":"GHSA-5m4q-x28v-q6wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m4q-x28v-q6wp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3622","reference_id":"RHSA-2023:3622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3622"}],"fixed_packages":[],"aliases":["CVE-2022-30954","GHSA-5m4q-x28v-q6wp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyvx-hyzd-zkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211129?format=json","vulnerability_id":"VCID-wbwg-kc2b-4qhc","summary":"Jenkins GitHub plugin uses weak webhook signature function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36885.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36885","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38563","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38748","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38758","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36885"},{"reference_url":"https://github.com/jenkinsci/github-plugin","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/github-plugin"},{"reference_url":"https://github.com/jenkinsci/github-plugin/commit/11d1d79ebf85248dc43432389746c1ecc3452b6a","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/github-plugin/commit/11d1d79ebf85248dc43432389746c1ecc3452b6a"},{"reference_url":"https://github.com/jenkinsci/github-plugin/releases/tag/v1.34.5","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/github-plugin/releases/tag/v1.34.5"},{"reference_url":"https://plugins.jenkins.io/github-issues","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://plugins.jenkins.io/github-issues"},{"reference_url":"https://plugins.jenkins.io/github-issues/","reference_id":"","reference_type":"","scores":[],"url":"https://plugins.jenkins.io/github-issues/"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1849","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1849"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119658","reference_id":"2119658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119658"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36885","reference_id":"CVE-2022-36885","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36885"},{"reference_url":"https://github.com/advisories/GHSA-mxcc-7h5m-x57r","reference_id":"GHSA-mxcc-7h5m-x57r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxcc-7h5m-x57r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-36885","GHSA-mxcc-7h5m-x57r"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbwg-kc2b-4qhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163253?format=json","vulnerability_id":"VCID-xsy5-wuvz-juh6","summary":"Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43408.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43408","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04112","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04103","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04113","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04095","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43408"},{"reference_url":"https://github.com/jenkinsci/pipeline-stage-view-plugin/commit/cee275109ee748fa9f599ec60159807a28a2933f","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-stage-view-plugin/commit/cee275109ee748fa9f599ec60159807a28a2933f"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136388","reference_id":"2136388","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136388"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/19/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/10/19/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43408","reference_id":"CVE-2022-43408","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43408"},{"reference_url":"https://github.com/advisories/GHSA-g975-f26h-93g8","reference_id":"GHSA-g975-f26h-93g8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g975-f26h-93g8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828","reference_id":"#SECURITY-2828","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:25Z/"}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828"}],"fixed_packages":[],"aliases":["CVE-2022-43408","GHSA-g975-f26h-93g8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsy5-wuvz-juh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351776?format=json","vulnerability_id":"VCID-yw72-1mwb-bqdc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30953","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2945","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29651","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29668","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29652","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30953"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin"},{"reference_url":"https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30953","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30953"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/17/8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119646","reference_id":"2119646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119646"},{"reference_url":"https://github.com/advisories/GHSA-hgpq-42pf-9vfq","reference_id":"GHSA-hgpq-42pf-9vfq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpq-42pf-9vfq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3622","reference_id":"RHSA-2023:3622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3622"}],"fixed_packages":[],"aliases":["CVE-2022-30953","GHSA-hgpq-42pf-9vfq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yw72-1mwb-bqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11224?format=json","vulnerability_id":"VCID-zpc9-qmnr-ckga","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1471"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1471"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0015","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230818-0015"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/19/1","reference_id":"1","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/19/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2150009","reference_id":"2150009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2150009"},{"reference_url":"https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html","reference_id":"cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479","reference_id":"cve-2022-1471-vulnerability-in#comment-64581479","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"},{"reference_url":"https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c","reference_id":"%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c"},{"reference_url":"https://github.com/advisories/GHSA-mjmj-j48q-9wg2","reference_id":"GHSA-mjmj-j48q-9wg2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjmj-j48q-9wg2"},{"reference_url":"https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2","reference_id":"GHSA-mjmj-j48q-9wg2","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"},{"reference_url":"https://github.com/mbechler/marshalsec","reference_id":"marshalsec","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://github.com/mbechler/marshalsec"},{"reference_url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true","reference_id":"marshalsec.pdf?raw=true","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"},{"reference_url":"https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc","reference_id":"mwrakFaEdnc","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0015/","reference_id":"ntap-20230818-0015","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230818-0015/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006/","reference_id":"ntap-20240621-0006","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"reference_url":"http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html","reference_id":"PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9058","reference_id":"RHSA-2022:9058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0697","reference_id":"RHSA-2023:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0758","reference_id":"RHSA-2023:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1512","reference_id":"RHSA-2023:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1513","reference_id":"RHSA-2023:1513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1514","reference_id":"RHSA-2023:1514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1516","reference_id":"RHSA-2023:1516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4612","reference_id":"RHSA-2023:4612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5165","reference_id":"RHSA-2023:5165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6171","reference_id":"RHSA-2023:6171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7697","reference_id":"RHSA-2023:7697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0325","reference_id":"RHSA-2024:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0775","reference_id":"RHSA-2024:0775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1353","reference_id":"RHSA-2024:1353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[],"aliases":["CVE-2022-1471","GHSA-mjmj-j48q-9wg2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpc9-qmnr-ckga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211464?format=json","vulnerability_id":"VCID-zwkg-gh5x-t7a4","summary":"Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43402","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29693","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29495","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29695","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29711","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43402"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136379","reference_id":"2136379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136379"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43402","reference_id":"CVE-2022-43402","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43402"},{"reference_url":"https://github.com/advisories/GHSA-mqc2-w9r8-mmxm","reference_id":"GHSA-mqc2-w9r8-mmxm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqc2-w9r8-mmxm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"}],"fixed_packages":[],"aliases":["CVE-2022-43402","GHSA-mqc2-w9r8-mmxm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkg-gh5x-t7a4"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1%3Farch=el8"}