Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/groovy@2802.v5ea_628154b_c2

Type maven

Namespace org.jenkins-ci.plugins

Name groovy

Version 2802.v5ea_628154b_c2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-s839-rpta-6bej

vulnerability_id

VCID-s839-rpta-6bej

summary

Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Pipeline: Groovy Plugin 2803.v1a_f77ffcc773 intercepts Groovy casts performed implicitly by the Groovy language runtime

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43402.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43402

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25461
published_at	2026-04-29T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25664
published_at	2026-04-12T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25607
published_at	2026-04-13T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25609
published_at	2026-04-16T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25593
published_at	2026-04-18T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25564
published_at	2026-04-21T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25517
published_at	2026-04-24T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25509
published_at	2026-04-26T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25763
published_at	2026-04-02T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25805
published_at	2026-04-04T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25576
published_at	2026-04-07T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25648
published_at	2026-04-08T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25695
published_at	2026-04-09T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25705
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43402

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-43402

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-43402

reference_url

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)

reference_url

http://www.openwall.com/lists/oss-security/2022/10/19/3

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/10/19/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136379
reference_id	2136379
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136379

reference_url

https://github.com/advisories/GHSA-mqc2-w9r8-mmxm

reference_id

GHSA-mqc2-w9r8-mmxm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqc2-w9r8-mmxm

reference_url	https://access.redhat.com/errata/RHSA-2023:0560
reference_id	RHSA-2023:0560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0560

reference_url	https://access.redhat.com/errata/RHSA-2023:0777
reference_id	RHSA-2023:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0777

reference_url	https://access.redhat.com/errata/RHSA-2023:1064
reference_id	RHSA-2023:1064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1064

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

fixed_packages

aliases

CVE-2022-43402, GHSA-mqc2-w9r8-mmxm

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-s839-rpta-6bej

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/groovy@2802.v5ea_628154b_c2

Package Instance