{"url":"http://public2.vulnerablecode.io/api/packages/57766?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.171","type":"maven","namespace":"org.jenkins-ci.main","name":"jenkins-core","version":"2.171","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.172","latest_non_vulnerable_version":"2.551","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40901?format=json","vulnerability_id":"VCID-7vkv-m573-ubfa","summary":"Cross-site Scripting\nThe `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.","references":[{"reference_url":"https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1327","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003050","reference_id":"CVE-2019-1003050","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003050"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57767?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.172","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.172"}],"aliases":["CVE-2019-1003050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vkv-m573-ubfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40902?format=json","vulnerability_id":"VCID-uss9-7vj8-nffq","summary":"Improper Authentication\nUsers who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.","references":[{"reference_url":"https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003049","reference_id":"CVE-2019-1003049","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003049"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57767?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.172","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.172"}],"aliases":["CVE-2019-1003049"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uss9-7vj8-nffq"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.171"}