Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.252

Type maven

Namespace org.jenkins-ci.main

Name jenkins-core

Version 2.252

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.276

Latest_non_vulnerable_version 2.555

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cgen-qcyh-yqbu

vulnerability_id VCID-cgen-qcyh-yqbu

summary

Jenkins Cross-site Scripting vulnerability in project naming strategy
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.

references

reference_url

http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2230

reference_id

reference_type

scores

value	0.0038
scoring_system	epss
scoring_elements	0.59481
published_at	2026-04-29T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59465
published_at	2026-04-04T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59432
published_at	2026-04-07T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59483
published_at	2026-04-08T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59496
published_at	2026-04-26T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59514
published_at	2026-04-11T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59499
published_at	2026-04-12T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59479
published_at	2026-04-13T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59512
published_at	2026-04-16T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59519
published_at	2026-04-18T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59502
published_at	2026-04-21T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59475
published_at	2026-04-24T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59368
published_at	2026-04-01T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59441
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2230

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db

reference_url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2230

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2230

reference_url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875232
reference_id	1875232
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875232

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt
reference_id	CVE-2020-2230
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt

reference_url

https://github.com/advisories/GHSA-9g4m-ffx6-c29g

reference_id

GHSA-9g4m-ffx6-c29g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9g4m-ffx6-c29g

reference_url	https://access.redhat.com/errata/RHSA-2020:3808
reference_id	RHSA-2020:3808
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3808

reference_url	https://access.redhat.com/errata/RHSA-2020:3841
reference_id	RHSA-2020:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3841

reference_url	https://access.redhat.com/errata/RHSA-2020:4220
reference_id	RHSA-2020:4220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4220

reference_url	https://access.redhat.com/errata/RHSA-2020:4223
reference_id	RHSA-2020:4223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4223

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252

aliases CVE-2020-2230, GHSA-9g4m-ffx6-c29g

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgen-qcyh-yqbu

url VCID-fy5p-8vcs-zkha

vulnerability_id VCID-fy5p-8vcs-zkha

summary

Jenkins Cross-Site Scripting vulnerability in help icons
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values.
This results in a stored cross-site scripting (XSS) vulnerability.
Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.

references

reference_url

http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2229

reference_id

reference_type

scores

value	0.02572
scoring_system	epss
scoring_elements	0.85604
published_at	2026-04-29T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85509
published_at	2026-04-07T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85529
published_at	2026-04-08T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85538
published_at	2026-04-09T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85552
published_at	2026-04-11T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.8555
published_at	2026-04-12T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85547
published_at	2026-04-13T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.8557
published_at	2026-04-16T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85575
published_at	2026-04-18T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85571
published_at	2026-04-21T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85593
published_at	2026-04-24T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85603
published_at	2026-04-26T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85476
published_at	2026-04-01T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85488
published_at	2026-04-02T12:55:00Z

value	0.02572
scoring_system	epss
scoring_elements	0.85504
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2229

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916

reference_url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2229

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2229

reference_url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1874830
reference_id	1874830
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1874830

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt
reference_id	CVE-2020-2229
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt

reference_url

https://github.com/advisories/GHSA-hvmc-7g2x-r3p9

reference_id

GHSA-hvmc-7g2x-r3p9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hvmc-7g2x-r3p9

reference_url	https://access.redhat.com/errata/RHSA-2020:3808
reference_id	RHSA-2020:3808
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3808

reference_url	https://access.redhat.com/errata/RHSA-2020:3841
reference_id	RHSA-2020:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3841

reference_url	https://access.redhat.com/errata/RHSA-2020:4220
reference_id	RHSA-2020:4220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4220

reference_url	https://access.redhat.com/errata/RHSA-2020:4223
reference_id	RHSA-2020:4223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4223

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252

aliases CVE-2020-2229, GHSA-hvmc-7g2x-r3p9

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy5p-8vcs-zkha

url VCID-re1r-xjv4-sqd3

vulnerability_id VCID-re1r-xjv4-sqd3

summary

Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

references

reference_url

http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2231

reference_id

reference_type

scores

value	0.00472
scoring_system	epss
scoring_elements	0.64716
published_at	2026-04-24T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64696
published_at	2026-04-21T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64709
published_at	2026-04-18T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64697
published_at	2026-04-16T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64661
published_at	2026-04-13T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64581
published_at	2026-04-01T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64634
published_at	2026-04-02T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64689
published_at	2026-04-12T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64663
published_at	2026-04-04T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.6462
published_at	2026-04-07T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64669
published_at	2026-04-08T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64701
published_at	2026-04-11T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64684
published_at	2026-04-09T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64726
published_at	2026-04-29T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.64728
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2231

reference_url

https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a

reference_url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2231

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2231

reference_url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/08/12/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875234
reference_id	1875234
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875234

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt
reference_id	CVE-2020-2231
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt

reference_url

https://github.com/advisories/GHSA-jpvq-v729-7j2h

reference_id

GHSA-jpvq-v729-7j2h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jpvq-v729-7j2h

reference_url	https://access.redhat.com/errata/RHSA-2020:3808
reference_id	RHSA-2020:3808
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3808

reference_url	https://access.redhat.com/errata/RHSA-2020:3841
reference_id	RHSA-2020:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3841

reference_url	https://access.redhat.com/errata/RHSA-2020:4220
reference_id	RHSA-2020:4220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4220

reference_url	https://access.redhat.com/errata/RHSA-2020:4223
reference_id	RHSA-2020:4223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4223

fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252

aliases CVE-2020-2231, GHSA-jpvq-v729-7j2h

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-re1r-xjv4-sqd3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252

Package Instance