Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/50759?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "type": "maven", "namespace": "org.jenkins-ci.main", "name": "jenkins-core", "version": "1.638", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.640", "latest_non_vulnerable_version": "2.555", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14432?format=api", "vulnerability_id": "VCID-8g3u-4dyc-6fak", "summary": "Jenkins has Information Disclosure via Sidepanel Widget\nThe sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43147", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43308", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43358", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43294", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43151", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43018", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43096", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43112", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43052", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43083", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4333", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43354", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43323", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5321" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", "reference_id": "1282364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282364" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", "reference_id": "CVE-2015-5321", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-4653-rmch-3g2g", "reference_id": "GHSA-4653-rmch-3g2g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4653-rmch-3g2g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5321", "GHSA-4653-rmch-3g2g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8g3u-4dyc-6fak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14521?format=api", "vulnerability_id": "VCID-ejrj-pum8-9qa3", "summary": "Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack\nJenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18074", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18061", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18095", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18002", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17978", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17941", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17796", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17889", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17992", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17991", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18147", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18304", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1806", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18157", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18048", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5318" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/f53802bb82a25b295b6dfa3bf2a591a6c8552183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", "reference_id": "1282361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282361" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", "reference_id": "CVE-2015-5318", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-3wmv-7php-rhg5", "reference_id": "GHSA-3wmv-7php-rhg5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3wmv-7php-rhg5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5318", "GHSA-3wmv-7php-rhg5" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejrj-pum8-9qa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14940?format=api", "vulnerability_id": "VCID-gbeg-v39c-hfe5", "summary": "Jenkins allows Administrators to Access API Tokens\nJenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41912", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42165", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42094", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42039", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42034", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41952", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4181", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41884", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41897", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41812", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41837", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42092", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42178", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42118", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4219", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5323" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", "reference_id": "1282366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282366" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", "reference_id": "CVE-2015-5323", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-x4m5-j4x4-4wjg", "reference_id": "GHSA-x4m5-j4x4-4wjg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4m5-j4x4-4wjg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5323", "GHSA-x4m5-j4x4-4wjg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbeg-v39c-hfe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14434?format=api", "vulnerability_id": "VCID-jfpr-4eze-j3f1", "summary": "Jenkins allows Cross-Site Scripting (XSS)\nCross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5326.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3653", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36938", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36878", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36651", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36619", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36531", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36417", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36489", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36517", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36434", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36457", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36866", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.37035", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.37069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36969", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36934", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36953", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5326" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", "reference_id": "1282369", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282369" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", "reference_id": "CVE-2015-5326", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-5mwr-jg3r-jv66", "reference_id": "GHSA-5mwr-jg3r-jv66", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mwr-jg3r-jv66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5326", "GHSA-5mwr-jg3r-jv66" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfpr-4eze-j3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14974?format=api", "vulnerability_id": "VCID-n5z8-5v21-g7e9", "summary": "Jenkins has Local File Inclusion Vulnerability\nDirectory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3764", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38119", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38099", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38036", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37798", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37704", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3759", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3766", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37676", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37563", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37984", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38058", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38108", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38097", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38073", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5322" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", "reference_id": "1282365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282365" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", "reference_id": "CVE-2015-5322", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-89vc-7frq-2rfj", "reference_id": "GHSA-89vc-7frq-2rfj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-89vc-7frq-2rfj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5322", "GHSA-89vc-7frq-2rfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5z8-5v21-g7e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14990?format=api", "vulnerability_id": "VCID-qpec-wa2s-23f3", "summary": "Jenkins allows Bypass of Access Restrictions\nJenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31572", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31851", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31725", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31643", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3149", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31562", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31571", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3148", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31503", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3203", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32196", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3207", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32033", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32067", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5325" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/054a329c59171ca12ff98f7063ce7fd053ee08bf" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", "reference_id": "1282368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282368" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", "reference_id": "CVE-2015-5325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-x2q2-8pwq-fr5r", "reference_id": "GHSA-x2q2-8pwq-fr5r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2q2-8pwq-fr5r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5325", "GHSA-x2q2-8pwq-fr5r" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpec-wa2s-23f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14454?format=api", "vulnerability_id": "VCID-tsy7-92cs-6uc1", "summary": "Jenkins discloses project names via fingerprints\nThe Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96395", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.9638", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96387", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96427", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96425", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96421", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27392", "scoring_system": "epss", "scoring_elements": "0.96403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97358", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97328", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97331", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.9734", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.97346", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.39696", "scoring_system": "epss", "scoring_elements": "0.9735", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5317" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", "reference_id": "1282359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282359" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", "reference_id": "CVE-2015-5317", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-8pqx-3rxx-f5pm", "reference_id": "GHSA-8pqx-3rxx-f5pm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8pqx-3rxx-f5pm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5317", "GHSA-8pqx-3rxx-f5pm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tsy7-92cs-6uc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14426?format=api", "vulnerability_id": "VCID-vcqm-2bae-w3e7", "summary": "Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI\nXML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54755", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.5471", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54729", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54652", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54695", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.5475", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54631", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54742", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54754", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54739", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5319" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/e78e9e8144f7304cf274cd4b756f458cf63a3556" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", "reference_id": "1282362", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282362" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", "reference_id": "CVE-2015-5319", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-3j9c-cp7m-8w8g", "reference_id": "GHSA-3j9c-cp7m-8w8g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3j9c-cp7m-8w8g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5319", "GHSA-3j9c-cp7m-8w8g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqm-2bae-w3e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14461?format=api", "vulnerability_id": "VCID-w9zw-vvsw-3qbb", "summary": "Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor\nJenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5320.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43147", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43151", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43018", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43096", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43112", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43052", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43083", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4333", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43354", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43323", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43308", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43358", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43294", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5320" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", "reference_id": "1282363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282363" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", "reference_id": "CVE-2015-5320", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-449q-v4j2-5h8p", "reference_id": "GHSA-449q-v4j2-5h8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-449q-v4j2-5h8p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5320", "GHSA-449q-v4j2-5h8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zw-vvsw-3qbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14486?format=api", "vulnerability_id": "VCID-zfsk-m177-9qch", "summary": "Jenkins allows Unauthorized Viewing of Queue API Information\nJenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0070" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51843", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51764", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51803", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51739", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51776", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51681", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51732", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51837", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5183", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51686", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51788", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51736", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51778", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5324" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/33b55588a6a5f844a59f2cd8940d385c6d412eb5" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/4a72e938d58598cd4bd3caa48ee9e8a3f60c30e4" }, { "reference_url": "https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins/commit/581eb9ceb354b8a55c010d0547ff73cb6fd67a75" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", "reference_id": "1282367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282367" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", "reference_id": "CVE-2015-5324", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324" }, { "reference_url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "reference_id": "CVE-2015-8103;OSVDB-130184", "reference_type": "exploit", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" }, { "reference_url": "https://github.com/advisories/GHSA-5xmf-9vgr-53mj", "reference_id": "GHSA-5xmf-9vgr-53mj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xmf-9vgr-53mj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0489", "reference_id": "RHSA-2016:0489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50761?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.625.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/50759?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.638", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" } ], "aliases": [ "CVE-2015-5324", "GHSA-5xmf-9vgr-53mj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfsk-m177-9qch" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.638" }