Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/503033?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/503033?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.533", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "1.533", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.551", "latest_non_vulnerable_version": "2.555", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111971?format=api", "vulnerability_id": "VCID-7p52-ttmr-ekf9", "summary": "Jenkins allows attackers to execute arbitrary jobs\nBuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17877", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17974", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17971", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17935", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17858", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2058" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2058", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2058" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://github.com/advisories/GHSA-7fpg-pp3m-h22f", "reference_id": "GHSA-7fpg-pp3m-h22f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fpg-pp3m-h22f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2058", "GHSA-7fpg-pp3m-h22f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7p52-ttmr-ekf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111121?format=api", "vulnerability_id": "VCID-dyzn-kn37-9ub7", "summary": "Jenkins cross-site scripting (XSS) vulnerability\nCross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33453", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33382", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33484", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.335", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33465", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33431", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2065" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2065" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067820", "reference_id": "1067820", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067820" }, { "reference_url": "https://github.com/advisories/GHSA-fxj8-cqcp-3vgq", "reference_id": "GHSA-fxj8-cqcp-3vgq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxj8-cqcp-3vgq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2065", "GHSA-fxj8-cqcp-3vgq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyzn-kn37-9ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111952?format=api", "vulnerability_id": "VCID-gngu-jj3a-8fhk", "summary": "Jenkins cross-site scripting (XSS) vulnerability\nCross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a \"remote cause note.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28822", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28848", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28919", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28883", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28847", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28812", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2067" }, { "reference_url": "http://seclists.org/oss-sec/2014/q1/421", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q1/421" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91354", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91354" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2067", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2067" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067832", "reference_id": "1067832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067832" }, { "reference_url": "https://github.com/advisories/GHSA-vj6q-v2h7-6q5m", "reference_id": "GHSA-vj6q-v2h7-6q5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vj6q-v2h7-6q5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2067", "GHSA-vj6q-v2h7-6q5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gngu-jj3a-8fhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112300?format=api", "vulnerability_id": "VCID-jrar-ahy7-4ud5", "summary": "Jenkins directory traversal vulnerability\nDirectory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83881", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83877", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.8388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83875", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83866", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2059" }, { "reference_url": "http://seclists.org/oss-sec/2014/q1/421", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q1/421" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91346", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91346" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2059", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2059" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067801", "reference_id": "1067801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067801" }, { "reference_url": "https://github.com/advisories/GHSA-v759-3fh9-84mx", "reference_id": "GHSA-v759-3fh9-84mx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v759-3fh9-84mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2059", "GHSA-v759-3fh9-84mx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrar-ahy7-4ud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111552?format=api", "vulnerability_id": "VCID-k36j-f4b3-8bfj", "summary": "Jenkin allows attackers to obtain passwords by reading the HTML source code\nThe input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52052", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52075", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52084", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52064", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52032", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2061" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2061", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2061" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067808", "reference_id": "1067808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067808" }, { "reference_url": "https://github.com/advisories/GHSA-rxfv-gm5x-9wqj", "reference_id": "GHSA-rxfv-gm5x-9wqj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxfv-gm5x-9wqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2061", "GHSA-rxfv-gm5x-9wqj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k36j-f4b3-8bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112413?format=api", "vulnerability_id": "VCID-pd5w-n7r7-b7g8", "summary": "Jenkins allows Remote Attackers to Hijack Sessions\nThe Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34627", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34592", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34574", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34608", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2060" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2060", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2060" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067806", "reference_id": "1067806", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067806" }, { "reference_url": "https://github.com/advisories/GHSA-9c26-cf8c-mw43", "reference_id": "GHSA-9c26-cf8c-mw43", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c26-cf8c-mw43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2060", "GHSA-9c26-cf8c-mw43" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5w-n7r7-b7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111477?format=api", "vulnerability_id": "VCID-rczn-8mhg-r3gt", "summary": "Jenkins allows attackers to determine whether a user exists\nThe loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60339", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60301", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60351", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60338", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60321", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2064" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2064" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067817", "reference_id": "1067817", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067817" }, { "reference_url": "https://github.com/advisories/GHSA-9vg9-x38g-9hfx", "reference_id": "GHSA-9vg9-x38g-9hfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vg9-x38g-9hfx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2064", "GHSA-9vg9-x38g-9hfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rczn-8mhg-r3gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112289?format=api", "vulnerability_id": "VCID-u5tc-wg7e-hugj", "summary": "Jenkins Vulnerable to Clickjacking\nJenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62837", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62823", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62794", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62836", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62846", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2063" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2063", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2063" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067812", "reference_id": "1067812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067812" }, { "reference_url": "https://github.com/advisories/GHSA-w3f5-gq7j-m797", "reference_id": "GHSA-w3f5-gq7j-m797", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w3f5-gq7j-m797" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2063", "GHSA-w3f5-gq7j-m797" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5tc-wg7e-hugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111027?format=api", "vulnerability_id": "VCID-xazs-qswk-97hg", "summary": "Jenkins session fixation vulnerability\nSession fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the \"override\" of Jenkins cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33647", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33578", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33679", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33693", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33659", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33625", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2066" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2066", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2066" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067827", "reference_id": "1067827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067827" }, { "reference_url": "https://github.com/advisories/GHSA-8jfx-h6q2-v4g3", "reference_id": "GHSA-8jfx-h6q2-v4g3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jfx-h6q2-v4g3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2066", "GHSA-8jfx-h6q2-v4g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xazs-qswk-97hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110957?format=api", "vulnerability_id": "VCID-z5nz-eya3-ebez", "summary": "Jenkins allows attackers to obtain sensitive information\nThe doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24642", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24658", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24757", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24747", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24633", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2068" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2068", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2068" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067835", "reference_id": "1067835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067835" }, { "reference_url": "https://github.com/advisories/GHSA-pv88-j6rg-r56p", "reference_id": "GHSA-pv88-j6rg-r56p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pv88-j6rg-r56p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2068", "GHSA-pv88-j6rg-r56p" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5nz-eya3-ebez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112196?format=api", "vulnerability_id": "VCID-zwgz-acg7-sbh3", "summary": "Jenkins does not invalidate the API token when a user is deleted\nJenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40268", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40308", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40311", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40284", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40254", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2062" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2062", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2062" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067811", "reference_id": "1067811", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067811" }, { "reference_url": "https://github.com/advisories/GHSA-vxc6-wvh8-fpxw", "reference_id": "GHSA-vxc6-wvh8-fpxw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxc6-wvh8-fpxw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150419?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.551", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.551" } ], "aliases": [ "CVE-2014-2062", "GHSA-vxc6-wvh8-fpxw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgz-acg7-sbh3" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.533" }