Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.9.1667460322-1?arch=el8

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.9.1667460322-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-hg91-mnh3-g3a4

vulnerability_id

VCID-hg91-mnh3-g3a4

summary

Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meets their security needs. For more information see [the plugin documentation](https://github.com/jenkinsci/git-client-plugin#ssh-host-key-verification).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36881.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36881.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36881

reference_id

reference_type

scores

value	0.00739
scoring_system	epss
scoring_elements	0.72957
published_at	2026-04-29T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72959
published_at	2026-04-26T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72949
published_at	2026-04-24T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72908
published_at	2026-04-21T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72915
published_at	2026-04-18T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72905
published_at	2026-04-16T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72872
published_at	2026-04-12T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72888
published_at	2026-04-11T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72864
published_at	2026-04-13T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.7285
published_at	2026-04-08T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72816
published_at	2026-04-02T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72812
published_at	2026-04-07T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72837
published_at	2026-04-04T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75976
published_at	2026-05-07T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75946
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36881

reference_url

https://github.com/jenkinsci/git-client-plugin

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/git-client-plugin

reference_url

https://github.com/jenkinsci/git-client-plugin/commit/88f52c6c9b18bca4ad210e3b9910a49433583fd9

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/git-client-plugin/commit/88f52c6c9b18bca4ad210e3b9910a49433583fd9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-36881

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-36881

reference_url

https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468

reference_url

http://www.openwall.com/lists/oss-security/2022/07/27/1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/07/27/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2114755
reference_id	2114755
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2114755

reference_url

https://github.com/advisories/GHSA-cm7j-p8hc-97vj

reference_id

GHSA-cm7j-p8hc-97vj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cm7j-p8hc-97vj

reference_url	https://access.redhat.com/errata/RHSA-2022:7865
reference_id	RHSA-2022:7865
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7865

reference_url	https://access.redhat.com/errata/RHSA-2023:0017
reference_id	RHSA-2023:0017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0017

fixed_packages

aliases

CVE-2022-36881, GHSA-cm7j-p8hc-97vj

risk_score

3.6

exploitability

0.5

weighted_severity

7.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hg91-mnh3-g3a4

url

VCID-tt48-pfzv-mkgt

vulnerability_id

VCID-tt48-pfzv-mkgt

summary

Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34176.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34176

reference_id

reference_type

scores

value	0.43618
scoring_system	epss
scoring_elements	0.97538
published_at	2026-05-05T12:55:00Z

value	0.43618
scoring_system	epss
scoring_elements	0.97542
published_at	2026-05-07T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98102
published_at	2026-04-21T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98106
published_at	2026-04-18T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98104
published_at	2026-04-26T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98103
published_at	2026-04-24T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98108
published_at	2026-04-29T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98099
published_at	2026-04-13T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98331
published_at	2026-04-04T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98329
published_at	2026-04-02T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98334
published_at	2026-04-07T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98339
published_at	2026-04-09T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98342
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34176

reference_url

https://github.com/jenkinsci/junit-plugin

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin

reference_url

https://github.com/jenkinsci/junit-plugin/commit/c43d0fc455619dd652ec87939ac3d70d6134fea1

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin/commit/c43d0fc455619dd652ec87939ac3d70d6134fea1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34176

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34176

reference_url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103548
reference_id	2103548
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103548

reference_url

https://github.com/advisories/GHSA-64mj-3p92-589v

reference_id

GHSA-64mj-3p92-589v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-64mj-3p92-589v

reference_url	https://access.redhat.com/errata/RHSA-2022:6531
reference_id	RHSA-2022:6531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6531

reference_url	https://access.redhat.com/errata/RHSA-2023:0017
reference_id	RHSA-2023:0017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0017

fixed_packages

aliases

CVE-2022-34176, GHSA-64mj-3p92-589v

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tt48-pfzv-mkgt

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1667460322-1%3Farch=el8

Package Instance