Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1

Type maven

Namespace org.jenkins-ci.plugins.workflow

Name workflow-cps-global-lib

Version 2.21.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.21.3

Latest_non_vulnerable_version 588.v576c103a_ff86

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-a8d9-5365-qubn

vulnerability_id VCID-a8d9-5365-qubn

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25174.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25174

reference_id

reference_type

scores

value	0.00219
scoring_system	epss
scoring_elements	0.44369
published_at	2026-04-29T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44562
published_at	2026-04-09T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44579
published_at	2026-04-11T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44549
published_at	2026-04-12T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4455
published_at	2026-04-13T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44607
published_at	2026-04-16T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44599
published_at	2026-04-18T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4453
published_at	2026-04-21T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44446
published_at	2026-04-24T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4445
published_at	2026-04-26T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44545
published_at	2026-04-02T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44567
published_at	2026-04-04T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44507
published_at	2026-04-07T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44557
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25174

reference_url

https://github.com/CVEProject/cvelist/blob/e19344451ce1c4a4181b9f094b8fd38cd8d86c9f/2022/25xxx/CVE-2022-25174.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/CVEProject/cvelist/blob/e19344451ce1c4a4181b9f094b8fd38cd8d86c9f/2022/25xxx/CVE-2022-25174.json

reference_url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055734
reference_id	2055734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055734

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25174

reference_id

CVE-2022-25174

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25174

reference_url

https://github.com/advisories/GHSA-g9fx-6j5c-grmw

reference_id

GHSA-g9fx-6j5c-grmw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g9fx-6j5c-grmw

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69

aliases CVE-2022-25174, GHSA-g9fx-6j5c-grmw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d9-5365-qubn

url VCID-chux-mqkp-cfe5

vulnerability_id VCID-chux-mqkp-cfe5

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25178.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25178.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25178

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.5286
published_at	2026-04-29T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52909
published_at	2026-04-12T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52893
published_at	2026-04-13T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5293
published_at	2026-04-16T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52938
published_at	2026-04-18T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5292
published_at	2026-04-21T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52887
published_at	2026-04-24T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52898
published_at	2026-04-26T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52835
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52861
published_at	2026-04-04T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52829
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5288
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52874
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52925
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25178

reference_url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055789
reference_id	2055789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055789

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25178

reference_id

CVE-2022-25178

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25178

reference_url

https://github.com/advisories/GHSA-5hfv-mg5x-mv32

reference_id

GHSA-5hfv-mg5x-mv32

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5hfv-mg5x-mv32

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69

aliases CVE-2022-25178, GHSA-5hfv-mg5x-mv32

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chux-mqkp-cfe5

url VCID-msed-m3xv-rkfg

vulnerability_id VCID-msed-m3xv-rkfg

summary

Improper Link Resolution Before File Access ('Link Following')
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25177.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25177

reference_id

reference_type

scores

value	0.00642
scoring_system	epss
scoring_elements	0.70687
published_at	2026-04-29T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70622
published_at	2026-04-11T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70608
published_at	2026-04-12T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70594
published_at	2026-04-13T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70639
published_at	2026-04-16T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70648
published_at	2026-04-18T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70626
published_at	2026-04-21T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70677
published_at	2026-04-24T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70545
published_at	2026-04-02T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70562
published_at	2026-04-04T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70539
published_at	2026-04-07T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70585
published_at	2026-04-08T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.706
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25177

reference_url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/workflow-cps-global-lib-plugin

reference_url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2055788
reference_id	2055788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2055788

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25177

reference_id

CVE-2022-25177

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25177

reference_url

https://github.com/advisories/GHSA-q234-x887-9rxh

reference_id

GHSA-q234-x887-9rxh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q234-x887-9rxh

reference_url	https://access.redhat.com/errata/RHSA-2022:0871
reference_id	RHSA-2022:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0871

reference_url	https://access.redhat.com/errata/RHSA-2022:1021
reference_id	RHSA-2022:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1021

reference_url	https://access.redhat.com/errata/RHSA-2022:1025
reference_id	RHSA-2022:1025
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1025

reference_url	https://access.redhat.com/errata/RHSA-2022:1248
reference_id	RHSA-2022:1248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1248

reference_url	https://access.redhat.com/errata/RHSA-2022:1420
reference_id	RHSA-2022:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1420

reference_url	https://access.redhat.com/errata/RHSA-2022:1620
reference_id	RHSA-2022:1620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1620

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.18.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1

url	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69

aliases CVE-2022-25177, GHSA-q234-x887-9rxh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msed-m3xv-rkfg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.1

Package Instance