{"url":"http://public2.vulnerablecode.io/api/packages/68602?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.222.1","type":"maven","namespace":"org.jenkins-ci.main","name":"jenkins-core","version":"2.222.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.228","latest_non_vulnerable_version":"2.555","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46888?format=json","vulnerability_id":"VCID-w7hn-1uj8-cuc6","summary":"Cross-site WebSocket hijacking vulnerability in the Jenkins CLI\nJenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23898.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23898.json"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/de450967f38398169650b55c002f1229a3fcdb1b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/de450967f38398169650b55c002f1229a3fcdb1b"},{"reference_url":"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"},{"reference_url":"https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/24/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/24/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260182","reference_id":"2260182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23898","reference_id":"CVE-2024-23898","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23898"},{"reference_url":"https://github.com/advisories/GHSA-53ph-2r2x-vqw8","reference_id":"GHSA-53ph-2r2x-vqw8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-53ph-2r2x-vqw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0775","reference_id":"RHSA-2024:0775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0776","reference_id":"RHSA-2024:0776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0778","reference_id":"RHSA-2024:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0778"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68598?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.426.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.426.3"},{"url":"http://public2.vulnerablecode.io/api/packages/67239?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.427","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y4a2-mamb-yqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.427"},{"url":"http://public2.vulnerablecode.io/api/packages/68600?format=json","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core@2.442","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.442"}],"aliases":["CVE-2024-23898","GHSA-53ph-2r2x-vqw8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7hn-1uj8-cuc6"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.222.1"}