Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1663147786-1?arch=el8

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.10.1663147786-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-qsut-4d83-97h1

vulnerability_id

VCID-qsut-4d83-97h1

summary

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier allows Pipeline authors to specify `file` parameters for Pipeline `input` steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata using the parameter name without sanitization as a relative path inside a build-related directory.

This allows attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

Pipeline: Input Step Plugin 449.v77f0e8b_845c4 prohibits use of `file` parameters for Pipeline `input` steps. Attempts to use them will fail Pipeline execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34177.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34177

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29241
published_at	2026-05-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29822
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29727
published_at	2026-04-13T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29744
published_at	2026-04-16T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29722
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29677
published_at	2026-04-21T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29596
published_at	2026-04-24T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29482
published_at	2026-04-26T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.2942
published_at	2026-04-29T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29181
published_at	2026-05-05T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29853
published_at	2026-04-02T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29899
published_at	2026-04-04T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29715
published_at	2026-04-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29777
published_at	2026-04-12T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29813
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34177

reference_url

https://github.com/jenkinsci/pipeline-input-step-plugin

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-input-step-plugin

reference_url

https://github.com/jenkinsci/pipeline-input-step-plugin/commit/77f0e8b845c4ad429f6c717eab21cf4e7a69168e

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-input-step-plugin/commit/77f0e8b845c4ad429f6c717eab21cf4e7a69168e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34177

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34177

reference_url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103551
reference_id	2103551
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103551

reference_url

https://github.com/advisories/GHSA-29q6-p2cg-4v23

reference_id

GHSA-29q6-p2cg-4v23

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29q6-p2cg-4v23

reference_url	https://access.redhat.com/errata/RHSA-2022:6531
reference_id	RHSA-2022:6531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6531

reference_url	https://access.redhat.com/errata/RHSA-2022:9110
reference_id	RHSA-2022:9110
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9110

reference_url	https://access.redhat.com/errata/RHSA-2023:0017
reference_id	RHSA-2023:0017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0017

fixed_packages

aliases

CVE-2022-34177, GHSA-29q6-p2cg-4v23

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-qsut-4d83-97h1

url

VCID-tt48-pfzv-mkgt

vulnerability_id

VCID-tt48-pfzv-mkgt

summary

Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34176.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34176

reference_id

reference_type

scores

value	0.43618
scoring_system	epss
scoring_elements	0.97538
published_at	2026-05-05T12:55:00Z

value	0.43618
scoring_system	epss
scoring_elements	0.97542
published_at	2026-05-07T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98102
published_at	2026-04-21T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98106
published_at	2026-04-18T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98104
published_at	2026-04-26T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98103
published_at	2026-04-24T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98108
published_at	2026-04-29T12:55:00Z

value	0.5595
scoring_system	epss
scoring_elements	0.98099
published_at	2026-04-13T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98331
published_at	2026-04-04T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98329
published_at	2026-04-02T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98334
published_at	2026-04-07T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98339
published_at	2026-04-09T12:55:00Z

value	0.61912
scoring_system	epss
scoring_elements	0.98342
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34176

reference_url

https://github.com/jenkinsci/junit-plugin

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin

reference_url

https://github.com/jenkinsci/junit-plugin/commit/c43d0fc455619dd652ec87939ac3d70d6134fea1

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin/commit/c43d0fc455619dd652ec87939ac3d70d6134fea1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34176

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34176

reference_url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2103548
reference_id	2103548
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2103548

reference_url

https://github.com/advisories/GHSA-64mj-3p92-589v

reference_id

GHSA-64mj-3p92-589v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-64mj-3p92-589v

reference_url	https://access.redhat.com/errata/RHSA-2022:6531
reference_id	RHSA-2022:6531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6531

reference_url	https://access.redhat.com/errata/RHSA-2023:0017
reference_id	RHSA-2023:0017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0017

fixed_packages

aliases

CVE-2022-34176, GHSA-64mj-3p92-589v

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tt48-pfzv-mkgt

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1663147786-1%3Farch=el8

Package Instance