Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.va9433432b33c

Type maven

Namespace org.jenkins-ci.plugins.workflow

Name workflow-cps

Version 2648.va9433432b33c

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2648.2651.v230593e03e9f

Latest_non_vulnerable_version 3993.v3e20a

Affected_by_vulnerabilities

url VCID-jj9c-e7k7-aqea

vulnerability_id VCID-jj9c-e7k7-aqea

summary

Improper Link Resolution Before File Access ('Link Following')
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25176

reference_id

reference_type

scores

value	0.00642
scoring_system	epss
scoring_elements	0.70687
published_at	2026-04-29T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.706
published_at	2026-04-09T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70622
published_at	2026-04-11T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70608
published_at	2026-04-12T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70594
published_at	2026-04-13T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70639
published_at	2026-04-16T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70648
published_at	2026-04-18T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70626
published_at	2026-04-21T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70677
published_at	2026-04-24T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70545
published_at	2026-04-02T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70562
published_at	2026-04-04T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70539
published_at	2026-04-07T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70585
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25176

reference_url

https://github.com/jenkinsci/workflow-cps-plugin

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:28Z/

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055787
reference_id	2055787
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055787

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25176

reference_id

CVE-2022-25176

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25176

reference_url

https://github.com/advisories/GHSA-6473-gqrj-4p65

reference_id

GHSA-6473-gqrj-4p65

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6473-gqrj-4p65

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

aliases CVE-2022-25176, GHSA-6473-gqrj-4p65

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jj9c-e7k7-aqea

url VCID-m4y6-523t-v7ft

vulnerability_id VCID-m4y6-523t-v7ft

summary

Insufficiently Protected Credentials
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25180

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12109
published_at	2026-04-29T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12306
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12268
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12162
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12165
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12271
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12252
published_at	2026-04-24T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12219
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1236
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12406
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12206
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12286
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12336
published_at	2026-04-09T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12344
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25180

reference_url

https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin/commit/886676efdd711e126307ec70a539f2fe613151f9

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055795
reference_id	2055795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055795

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25180

reference_id

CVE-2022-25180

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25180

reference_url

https://github.com/advisories/GHSA-qv6q-x9vr-w7j3

reference_id

GHSA-qv6q-x9vr-w7j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv6q-x9vr-w7j3

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a_e7b_75a_457

aliases CVE-2022-25180, GHSA-qv6q-x9vr-w7j3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4y6-523t-v7ft

url VCID-x5nw-w14p-juas

vulnerability_id VCID-x5nw-w14p-juas

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25173.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25173

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.39804
published_at	2026-04-29T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.4019
published_at	2026-04-11T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40114
published_at	2026-04-07T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40167
published_at	2026-04-08T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40179
published_at	2026-04-09T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40153
published_at	2026-04-12T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40134
published_at	2026-04-13T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40183
published_at	2026-04-16T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40154
published_at	2026-04-18T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40074
published_at	2026-04-21T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.39901
published_at	2026-04-24T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.39885
published_at	2026-04-26T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40165
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25173

reference_url

https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/CVEProject/cvelist/blob/3615f493b8a36ff15735fb9d79c9dc9e0d542695/2022/25xxx/CVE-2022-25173.json

reference_url

https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_url

http://www.openwall.com/lists/oss-security/2022/02/15/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/15/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055733
reference_id	2055733
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055733

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25173

reference_id

CVE-2022-25173

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25173

reference_url

https://github.com/advisories/GHSA-4m7p-55jm-3vwv

reference_id

GHSA-4m7p-55jm-3vwv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4m7p-55jm-3vwv

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.2651.v230593e03e9f

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2656.vf7a

aliases CVE-2022-25173, GHSA-4m7p-55jm-3vwv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5nw-w14p-juas

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps@2648.va9433432b33c

Package Instance