Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n5p2-kxqd-xqdb

Summary

Information Exposure
An arbitrary file read vulnerability exists in the Jenkins SSH Credentials Plugin in `BasicSSHUserPrivateKey.java` that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.

Aliases

alias	CVE-2018-1000601

alias	GHSA-cwcf-5m5w-mq2w

Fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/credentials@2.1.17
purl	pkg:maven/org.jenkins-ci.plugins/credentials@2.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials@2.1.17

url	pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.14
purl	pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.14

Affected_packages

url pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.13

purl pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n5p2-kxqd-xqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/ssh-credentials@1.13

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000601

reference_id

reference_type

scores

value	0.00316
scoring_system	epss
scoring_elements	0.54964
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000601

reference_url	https://github.com/jenkinsci/credentials-plugin/commit/23fbd6de33cc3cb74eafd44e7b27dd87b52c8904
reference_id
reference_type
scores
url	https://github.com/jenkinsci/credentials-plugin/commit/23fbd6de33cc3cb74eafd44e7b27dd87b52c8904

reference_url	https://github.com/jenkinsci/ssh-credentials-plugin/commit/18b3121fa94a174064447d637dc11539e33b3a76
reference_id
reference_type
scores
url	https://github.com/jenkinsci/ssh-credentials-plugin/commit/18b3121fa94a174064447d637dc11539e33b3a76

reference_url	https://github.com/jenkinsci/ssh-credentials-plugin/commits/ssh-credentials-1.14
reference_id
reference_type
scores
url	https://github.com/jenkinsci/ssh-credentials-plugin/commits/ssh-credentials-1.14

reference_url	https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000601
reference_id	CVE-2018-1000601
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000601

reference_url	https://github.com/advisories/GHSA-cwcf-5m5w-mq2w
reference_id	GHSA-cwcf-5m5w-mq2w
reference_type
scores
url	https://github.com/advisories/GHSA-cwcf-5m5w-mq2w

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5p2-kxqd-xqdb

Vulnerability Instance