Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-hp27-w6wh-3ya6
Summary
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.
Aliases
0
alias CVE-2022-25184
1
alias GHSA-g84f-cmc8-682c
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15.1
purl pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15.1
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15
purl pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hp27-w6wh-3ya6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/pipeline-build-step@2.15
1
url pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1%3Farch=el7
2
url pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1%3Farch=el8
3
url pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1%3Farch=el8
4
url pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ftm-axhf-gbbd
1
vulnerability VCID-2jak-uh1e-zbfx
2
vulnerability VCID-3vqh-anad-xqbt
3
vulnerability VCID-41xr-8bvs-tucs
4
vulnerability VCID-a8d9-5365-qubn
5
vulnerability VCID-chux-mqkp-cfe5
6
vulnerability VCID-gv26-67cj-t3ae
7
vulnerability VCID-h57k-wsgx-4kbr
8
vulnerability VCID-hp27-w6wh-3ya6
9
vulnerability VCID-jj9c-e7k7-aqea
10
vulnerability VCID-m4y6-523t-v7ft
11
vulnerability VCID-msed-m3xv-rkfg
12
vulnerability VCID-s2j3-7pfj-buav
13
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1%3Farch=el8
5
url pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1%3Farch=el8
6
url pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25184.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25184
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25049
published_at 2026-04-29T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25269
published_at 2026-04-09T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25284
published_at 2026-04-11T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25242
published_at 2026-04-12T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25189
published_at 2026-04-13T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25198
published_at 2026-04-16T12:55:00Z
6
value 0.00088
scoring_system epss
scoring_elements 0.25188
published_at 2026-04-18T12:55:00Z
7
value 0.00088
scoring_system epss
scoring_elements 0.25157
published_at 2026-04-21T12:55:00Z
8
value 0.00088
scoring_system epss
scoring_elements 0.25105
published_at 2026-04-24T12:55:00Z
9
value 0.00088
scoring_system epss
scoring_elements 0.25094
published_at 2026-04-26T12:55:00Z
10
value 0.00088
scoring_system epss
scoring_elements 0.25338
published_at 2026-04-02T12:55:00Z
11
value 0.00088
scoring_system epss
scoring_elements 0.25378
published_at 2026-04-04T12:55:00Z
12
value 0.00088
scoring_system epss
scoring_elements 0.25155
published_at 2026-04-07T12:55:00Z
13
value 0.00088
scoring_system epss
scoring_elements 0.25224
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25184
2
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin
3
reference_url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/c06f65425fe9696d2237f591959dd4b5c6083fd9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-build-step-plugin/commit/c06f65425fe9696d2237f591959dd4b5c6083fd9
4
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2519
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2519
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055804
reference_id 2055804
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055804
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25184
reference_id CVE-2022-25184
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25184
7
reference_url https://github.com/advisories/GHSA-g84f-cmc8-682c
reference_id GHSA-g84f-cmc8-682c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84f-cmc8-682c
8
reference_url https://access.redhat.com/errata/RHSA-2022:0871
reference_id RHSA-2022:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0871
9
reference_url https://access.redhat.com/errata/RHSA-2022:1021
reference_id RHSA-2022:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1021
10
reference_url https://access.redhat.com/errata/RHSA-2022:1025
reference_id RHSA-2022:1025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1025
11
reference_url https://access.redhat.com/errata/RHSA-2022:1248
reference_id RHSA-2022:1248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1248
12
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
13
reference_url https://access.redhat.com/errata/RHSA-2022:1620
reference_id RHSA-2022:1620
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1620
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 522
name Insufficiently Protected Credentials
description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 359
name Exposure of Private Personal Information to an Unauthorized Actor
description The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-hp27-w6wh-3ya6