{"url":"http://public2.vulnerablecode.io/api/packages/98326?format=json","purl":"pkg:rpm/redhat/jenkins@2.361.1.1675668150-1?arch=el8","type":"rpm","namespace":"redhat","name":"jenkins","version":"2.361.1.1675668150-1","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53887?format=json","vulnerability_id":"VCID-dvyn-8phs-a3a6","summary":"Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service\n### Description\nInvalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.\nIf the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.\nIf this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.\n\n### Impact\nA malicious client may render the server unresponsive.\n\n### Patches\nThe fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.\n\n### Workarounds\nNo workaround available within Jetty itself.\nOne possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@webtide.com.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2048","reference_id":"","reference_type":"","scores":[{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79279","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.7924","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79223","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79207","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79186","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01223","scoring_system":"epss","scoring_elements":"0.79181","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79616","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79603","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79631","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.7966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79644","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79667","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79708","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79715","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79677","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/eclipse/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project"},{"reference_url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2048","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2048"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220901-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220901-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220901-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220901-0006/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5198","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5198"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/09/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/09/09/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116952","reference_id":"2116952","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116952"},{"reference_url":"https://github.com/advisories/GHSA-wgmr-mf83-7x4j","reference_id":"GHSA-wgmr-mf83-7x4j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wgmr-mf83-7x4j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2022-2048","GHSA-wgmr-mf83-7x4j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-8phs-a3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54095?format=json","vulnerability_id":"VCID-vgg4-g95a-gkey","summary":"Observable timing discrepancy allows determining username validity in Jenkins\nIn Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.\n\nLogin attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34174","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64622","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64661","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64639","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64667","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.7516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75152","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75156","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75078","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75123","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75113","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78679","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.7861","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.7866","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34174"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34174","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34174"},{"reference_url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119653","reference_id":"2119653","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119653"},{"reference_url":"https://github.com/advisories/GHSA-9grj-j43m-mjqr","reference_id":"GHSA-9grj-j43m-mjqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9grj-j43m-mjqr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0017","reference_id":"RHSA-2023:0017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0697","reference_id":"RHSA-2023:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"}],"fixed_packages":[],"aliases":["CVE-2022-34174","GHSA-9grj-j43m-mjqr"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgg4-g95a-gkey"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.361.1.1675668150-1%3Farch=el8"}