Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.main/jenkins-core@2.236
Typemaven
Namespaceorg.jenkins-ci.main
Namejenkins-core
Version2.236
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.245
Latest_non_vulnerable_version2.555
Affected_by_vulnerabilities
0
url VCID-cgen-qcyh-yqbu
vulnerability_id VCID-cgen-qcyh-yqbu
summary 
Jenkins Cross-site Scripting vulnerability in project naming strategy
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.
references
0
reference_url http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2230.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2230
reference_id
reference_type
scores
0
value 0.0038
scoring_system epss
scoring_elements 0.59481
published_at 2026-04-29T12:55:00Z
1
value 0.0038
scoring_system epss
scoring_elements 0.59465
published_at 2026-04-04T12:55:00Z
2
value 0.0038
scoring_system epss
scoring_elements 0.59432
published_at 2026-04-07T12:55:00Z
3
value 0.0038
scoring_system epss
scoring_elements 0.59483
published_at 2026-04-08T12:55:00Z
4
value 0.0038
scoring_system epss
scoring_elements 0.59496
published_at 2026-04-26T12:55:00Z
5
value 0.0038
scoring_system epss
scoring_elements 0.59514
published_at 2026-04-11T12:55:00Z
6
value 0.0038
scoring_system epss
scoring_elements 0.59499
published_at 2026-04-12T12:55:00Z
7
value 0.0038
scoring_system epss
scoring_elements 0.59479
published_at 2026-04-13T12:55:00Z
8
value 0.0038
scoring_system epss
scoring_elements 0.59512
published_at 2026-04-16T12:55:00Z
9
value 0.0038
scoring_system epss
scoring_elements 0.59519
published_at 2026-04-18T12:55:00Z
10
value 0.0038
scoring_system epss
scoring_elements 0.59502
published_at 2026-04-21T12:55:00Z
11
value 0.0038
scoring_system epss
scoring_elements 0.59475
published_at 2026-04-24T12:55:00Z
12
value 0.0038
scoring_system epss
scoring_elements 0.59368
published_at 2026-04-01T12:55:00Z
13
value 0.0038
scoring_system epss
scoring_elements 0.59441
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2230
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/e49f690939596acbc9a1be64128b2c7eaf91a6db
5
reference_url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2230
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2230
7
reference_url http://www.openwall.com/lists/oss-security/2020/08/12/4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/12/4
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875232
reference_id 1875232
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875232
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt
reference_id CVE-2020-2230
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49237.txt
10
reference_url https://github.com/advisories/GHSA-9g4m-ffx6-c29g
reference_id GHSA-9g4m-ffx6-c29g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9g4m-ffx6-c29g
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
12
reference_url https://access.redhat.com/errata/RHSA-2020:3841
reference_id RHSA-2020:3841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3841
13
reference_url https://access.redhat.com/errata/RHSA-2020:4220
reference_id RHSA-2020:4220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4220
14
reference_url https://access.redhat.com/errata/RHSA-2020:4223
reference_id RHSA-2020:4223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4223
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
aliases CVE-2020-2230, GHSA-9g4m-ffx6-c29g
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgen-qcyh-yqbu
1
url VCID-fy5p-8vcs-zkha
vulnerability_id VCID-fy5p-8vcs-zkha
summary 
Jenkins Cross-Site Scripting vulnerability in help icons
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values.
This results in a stored cross-site scripting (XSS) vulnerability.
Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.
references
0
reference_url http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2229.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2229
reference_id
reference_type
scores
0
value 0.02572
scoring_system epss
scoring_elements 0.85604
published_at 2026-04-29T12:55:00Z
1
value 0.02572
scoring_system epss
scoring_elements 0.85509
published_at 2026-04-07T12:55:00Z
2
value 0.02572
scoring_system epss
scoring_elements 0.85529
published_at 2026-04-08T12:55:00Z
3
value 0.02572
scoring_system epss
scoring_elements 0.85538
published_at 2026-04-09T12:55:00Z
4
value 0.02572
scoring_system epss
scoring_elements 0.85552
published_at 2026-04-11T12:55:00Z
5
value 0.02572
scoring_system epss
scoring_elements 0.8555
published_at 2026-04-12T12:55:00Z
6
value 0.02572
scoring_system epss
scoring_elements 0.85547
published_at 2026-04-13T12:55:00Z
7
value 0.02572
scoring_system epss
scoring_elements 0.8557
published_at 2026-04-16T12:55:00Z
8
value 0.02572
scoring_system epss
scoring_elements 0.85575
published_at 2026-04-18T12:55:00Z
9
value 0.02572
scoring_system epss
scoring_elements 0.85571
published_at 2026-04-21T12:55:00Z
10
value 0.02572
scoring_system epss
scoring_elements 0.85593
published_at 2026-04-24T12:55:00Z
11
value 0.02572
scoring_system epss
scoring_elements 0.85603
published_at 2026-04-26T12:55:00Z
12
value 0.02572
scoring_system epss
scoring_elements 0.85476
published_at 2026-04-01T12:55:00Z
13
value 0.02572
scoring_system epss
scoring_elements 0.85488
published_at 2026-04-02T12:55:00Z
14
value 0.02572
scoring_system epss
scoring_elements 0.85504
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2229
3
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
4
reference_url https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916
5
reference_url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2229
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2229
7
reference_url http://www.openwall.com/lists/oss-security/2020/08/12/4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/12/4
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1874830
reference_id 1874830
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1874830
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt
reference_id CVE-2020-2229
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49232.txt
10
reference_url https://github.com/advisories/GHSA-hvmc-7g2x-r3p9
reference_id GHSA-hvmc-7g2x-r3p9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hvmc-7g2x-r3p9
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
12
reference_url https://access.redhat.com/errata/RHSA-2020:3841
reference_id RHSA-2020:3841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3841
13
reference_url https://access.redhat.com/errata/RHSA-2020:4220
reference_id RHSA-2020:4220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4220
14
reference_url https://access.redhat.com/errata/RHSA-2020:4223
reference_id RHSA-2020:4223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4223
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
aliases CVE-2020-2229, GHSA-hvmc-7g2x-r3p9
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy5p-8vcs-zkha
2
url VCID-he3v-ysf3-zkb8
vulnerability_id VCID-he3v-ysf3-zkb8
summary 
Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.

Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2223.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2223
reference_id
reference_type
scores
0
value 0.00513
scoring_system epss
scoring_elements 0.66559
published_at 2026-04-29T12:55:00Z
1
value 0.00513
scoring_system epss
scoring_elements 0.66558
published_at 2026-04-26T12:55:00Z
2
value 0.00513
scoring_system epss
scoring_elements 0.66542
published_at 2026-04-24T12:55:00Z
3
value 0.00513
scoring_system epss
scoring_elements 0.66518
published_at 2026-04-21T12:55:00Z
4
value 0.00513
scoring_system epss
scoring_elements 0.66533
published_at 2026-04-18T12:55:00Z
5
value 0.00513
scoring_system epss
scoring_elements 0.66515
published_at 2026-04-16T12:55:00Z
6
value 0.00513
scoring_system epss
scoring_elements 0.6648
published_at 2026-04-13T12:55:00Z
7
value 0.00513
scoring_system epss
scoring_elements 0.66511
published_at 2026-04-12T12:55:00Z
8
value 0.00513
scoring_system epss
scoring_elements 0.66524
published_at 2026-04-11T12:55:00Z
9
value 0.00513
scoring_system epss
scoring_elements 0.66405
published_at 2026-04-01T12:55:00Z
10
value 0.00513
scoring_system epss
scoring_elements 0.66444
published_at 2026-04-02T12:55:00Z
11
value 0.00513
scoring_system epss
scoring_elements 0.66504
published_at 2026-04-09T12:55:00Z
12
value 0.00513
scoring_system epss
scoring_elements 0.66471
published_at 2026-04-04T12:55:00Z
13
value 0.00513
scoring_system epss
scoring_elements 0.6649
published_at 2026-04-08T12:55:00Z
14
value 0.00513
scoring_system epss
scoring_elements 0.66442
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2223
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c
4
reference_url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2223
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2223
6
reference_url http://www.openwall.com/lists/oss-security/2020/07/15/5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/07/15/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857433
reference_id 1857433
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857433
8
reference_url https://github.com/advisories/GHSA-gfhj-524q-gcrm
reference_id GHSA-gfhj-524q-gcrm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfhj-524q-gcrm
9
reference_url https://access.redhat.com/errata/RHSA-2020:3519
reference_id RHSA-2020:3519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3519
10
reference_url https://access.redhat.com/errata/RHSA-2020:3541
reference_id RHSA-2020:3541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3541
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
aliases CVE-2020-2223, GHSA-gfhj-524q-gcrm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he3v-ysf3-zkb8
3
url VCID-kusb-1k76-a3ck
vulnerability_id VCID-kusb-1k76-a3ck
summary 
Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.

Jenkins 2.245, LTS 2.235.2 escapes the agent name.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2220.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2220
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61907
published_at 2026-04-29T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61816
published_at 2026-04-07T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61846
published_at 2026-04-04T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61865
published_at 2026-04-08T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61881
published_at 2026-04-09T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61902
published_at 2026-04-21T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.6189
published_at 2026-04-12T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.6187
published_at 2026-04-13T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61913
published_at 2026-04-16T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61918
published_at 2026-04-18T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.61897
published_at 2026-04-24T12:55:00Z
11
value 0.00419
scoring_system epss
scoring_elements 0.61915
published_at 2026-04-26T12:55:00Z
12
value 0.00419
scoring_system epss
scoring_elements 0.61742
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2220
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/b43531acee280dedc3ea454a2fc5a1a42990ddda
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b43531acee280dedc3ea454a2fc5a1a42990ddda
4
reference_url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2220
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2220
6
reference_url http://www.openwall.com/lists/oss-security/2020/07/15/5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/07/15/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857425
reference_id 1857425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857425
8
reference_url https://github.com/advisories/GHSA-qgj4-rc8m-44mq
reference_id GHSA-qgj4-rc8m-44mq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qgj4-rc8m-44mq
9
reference_url https://access.redhat.com/errata/RHSA-2020:3519
reference_id RHSA-2020:3519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3519
10
reference_url https://access.redhat.com/errata/RHSA-2020:3541
reference_id RHSA-2020:3541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3541
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
aliases CVE-2020-2220, GHSA-qgj4-rc8m-44mq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kusb-1k76-a3ck
4
url VCID-nqxw-x7ea-aqew
vulnerability_id VCID-nqxw-x7ea-aqew
summary 
Stored XSS vulnerability in Jenkins upstream cause
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.

Jenkins 2.245, LTS 2.235.2 escapes the job display name.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2221.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2221.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2221
reference_id
reference_type
scores
0
value 0.00524
scoring_system epss
scoring_elements 0.66999
published_at 2026-04-29T12:55:00Z
1
value 0.00524
scoring_system epss
scoring_elements 0.67
published_at 2026-04-26T12:55:00Z
2
value 0.00524
scoring_system epss
scoring_elements 0.66988
published_at 2026-04-24T12:55:00Z
3
value 0.00524
scoring_system epss
scoring_elements 0.66966
published_at 2026-04-21T12:55:00Z
4
value 0.00524
scoring_system epss
scoring_elements 0.66984
published_at 2026-04-18T12:55:00Z
5
value 0.00524
scoring_system epss
scoring_elements 0.6697
published_at 2026-04-16T12:55:00Z
6
value 0.00524
scoring_system epss
scoring_elements 0.66936
published_at 2026-04-13T12:55:00Z
7
value 0.00524
scoring_system epss
scoring_elements 0.66968
published_at 2026-04-12T12:55:00Z
8
value 0.00524
scoring_system epss
scoring_elements 0.66982
published_at 2026-04-11T12:55:00Z
9
value 0.00524
scoring_system epss
scoring_elements 0.66863
published_at 2026-04-01T12:55:00Z
10
value 0.00524
scoring_system epss
scoring_elements 0.669
published_at 2026-04-07T12:55:00Z
11
value 0.00524
scoring_system epss
scoring_elements 0.66962
published_at 2026-04-09T12:55:00Z
12
value 0.00524
scoring_system epss
scoring_elements 0.66949
published_at 2026-04-08T12:55:00Z
13
value 0.00524
scoring_system epss
scoring_elements 0.66927
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2221
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/f6e575381bdba85afaf27c529d7298091f226e49
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/f6e575381bdba85afaf27c529d7298091f226e49
4
reference_url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2221
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2221
6
reference_url http://www.openwall.com/lists/oss-security/2020/07/15/5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/07/15/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857427
reference_id 1857427
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857427
8
reference_url https://github.com/advisories/GHSA-g4j6-m3m3-crw8
reference_id GHSA-g4j6-m3m3-crw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4j6-m3m3-crw8
9
reference_url https://access.redhat.com/errata/RHSA-2020:3519
reference_id RHSA-2020:3519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3519
10
reference_url https://access.redhat.com/errata/RHSA-2020:3541
reference_id RHSA-2020:3541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3541
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
aliases CVE-2020-2221, GHSA-g4j6-m3m3-crw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqxw-x7ea-aqew
5
url VCID-v5aw-ffxe-ckdv
vulnerability_id VCID-v5aw-ffxe-ckdv
summary 
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.

As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations.

Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2222
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.6687
published_at 2026-04-29T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.66873
published_at 2026-04-26T12:55:00Z
2
value 0.00519
scoring_system epss
scoring_elements 0.6686
published_at 2026-04-24T12:55:00Z
3
value 0.00519
scoring_system epss
scoring_elements 0.66835
published_at 2026-04-21T12:55:00Z
4
value 0.00519
scoring_system epss
scoring_elements 0.66852
published_at 2026-04-18T12:55:00Z
5
value 0.00519
scoring_system epss
scoring_elements 0.66838
published_at 2026-04-16T12:55:00Z
6
value 0.00519
scoring_system epss
scoring_elements 0.66805
published_at 2026-04-13T12:55:00Z
7
value 0.00519
scoring_system epss
scoring_elements 0.66837
published_at 2026-04-12T12:55:00Z
8
value 0.00519
scoring_system epss
scoring_elements 0.66851
published_at 2026-04-11T12:55:00Z
9
value 0.00519
scoring_system epss
scoring_elements 0.66731
published_at 2026-04-01T12:55:00Z
10
value 0.00519
scoring_system epss
scoring_elements 0.6677
published_at 2026-04-02T12:55:00Z
11
value 0.00519
scoring_system epss
scoring_elements 0.66831
published_at 2026-04-09T12:55:00Z
12
value 0.00519
scoring_system epss
scoring_elements 0.66795
published_at 2026-04-04T12:55:00Z
13
value 0.00519
scoring_system epss
scoring_elements 0.66816
published_at 2026-04-08T12:55:00Z
14
value 0.00519
scoring_system epss
scoring_elements 0.66767
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2222
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
3
reference_url https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5
4
reference_url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2222
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2222
6
reference_url http://www.openwall.com/lists/oss-security/2020/07/15/5
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/07/15/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857431
reference_id 1857431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857431
8
reference_url https://github.com/advisories/GHSA-864v-5q2g-fr64
reference_id GHSA-864v-5q2g-fr64
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-864v-5q2g-fr64
9
reference_url https://access.redhat.com/errata/RHSA-2020:3519
reference_id RHSA-2020:3519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3519
10
reference_url https://access.redhat.com/errata/RHSA-2020:3541
reference_id RHSA-2020:3541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3541
11
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.245
aliases CVE-2020-2222, GHSA-864v-5q2g-fr64
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5aw-ffxe-ckdv
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.236