Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-pwtj-az3g-zka3
Summary
Improper Authorization in Google OAuth Client
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
Aliases
0
alias CVE-2020-7692
1
alias GHSA-f263-c949-w85g
Fixed_packages
0
url pkg:deb/debian/google-oauth-client-java@1.28.0-2?distro=trixie
purl pkg:deb/debian/google-oauth-client-java@1.28.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.28.0-2%3Fdistro=trixie
1
url pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
purl pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.34.1-2%3Fdistro=trixie
2
url pkg:maven/com.google.oauth-client/google-oauth-client@1.31.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.31.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.31.0
Affected_packages
0
url pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-alpha
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-alpha
1
url pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.5.0-beta
2
url pkg:maven/com.google.oauth-client/google-oauth-client@1.5.1-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.5.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.5.1-beta
3
url pkg:maven/com.google.oauth-client/google-oauth-client@1.5.2-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.5.2-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.5.2-beta
4
url pkg:maven/com.google.oauth-client/google-oauth-client@1.6.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.6.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.6.0-beta
5
url pkg:maven/com.google.oauth-client/google-oauth-client@1.7.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.7.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.7.0-beta
6
url pkg:maven/com.google.oauth-client/google-oauth-client@1.8.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.8.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.8.0-beta
7
url pkg:maven/com.google.oauth-client/google-oauth-client@1.9.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.9.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.9.0-beta
8
url pkg:maven/com.google.oauth-client/google-oauth-client@1.10.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.10.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.10.0-beta
9
url pkg:maven/com.google.oauth-client/google-oauth-client@1.10.1-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.10.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.10.1-beta
10
url pkg:maven/com.google.oauth-client/google-oauth-client@1.11.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.11.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.11.0-beta
11
url pkg:maven/com.google.oauth-client/google-oauth-client@1.12.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.12.0-beta
12
url pkg:maven/com.google.oauth-client/google-oauth-client@1.13.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.13.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.13.0-beta
13
url pkg:maven/com.google.oauth-client/google-oauth-client@1.13.1-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.13.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.13.1-beta
14
url pkg:maven/com.google.oauth-client/google-oauth-client@1.14.0-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.14.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.14.0-beta
15
url pkg:maven/com.google.oauth-client/google-oauth-client@1.14.1-beta
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.14.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.14.1-beta
16
url pkg:maven/com.google.oauth-client/google-oauth-client@1.15.0-rc
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.15.0-rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.15.0-rc
17
url pkg:maven/com.google.oauth-client/google-oauth-client@1.16.0-rc
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.16.0-rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nxra-x3yv-5qd6
1
vulnerability VCID-pwtj-az3g-zka3
2
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.16.0-rc
18
url pkg:maven/com.google.oauth-client/google-oauth-client@1.17.0-rc
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.17.0-rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.17.0-rc
19
url pkg:maven/com.google.oauth-client/google-oauth-client@1.18.0-rc
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.18.0-rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.18.0-rc
20
url pkg:maven/com.google.oauth-client/google-oauth-client@1.19.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.19.0
21
url pkg:maven/com.google.oauth-client/google-oauth-client@1.20.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.20.0
22
url pkg:maven/com.google.oauth-client/google-oauth-client@1.21.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.21.0
23
url pkg:maven/com.google.oauth-client/google-oauth-client@1.22.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.22.0
24
url pkg:maven/com.google.oauth-client/google-oauth-client@1.23.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.23.0
25
url pkg:maven/com.google.oauth-client/google-oauth-client@1.24.1
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.24.1
26
url pkg:maven/com.google.oauth-client/google-oauth-client@1.25.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.25.0
27
url pkg:maven/com.google.oauth-client/google-oauth-client@1.26.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.26.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.26.0
28
url pkg:maven/com.google.oauth-client/google-oauth-client@1.27.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.27.0
29
url pkg:maven/com.google.oauth-client/google-oauth-client@1.28.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.28.0
30
url pkg:maven/com.google.oauth-client/google-oauth-client@1.29.0
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.29.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.29.0
31
url pkg:maven/com.google.oauth-client/google-oauth-client@1.29.2
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.29.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.29.2
32
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1
33
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.2
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.2
34
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.3
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.3
35
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.4
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.4
36
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.5
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.5
37
url pkg:maven/com.google.oauth-client/google-oauth-client@1.30.6
purl pkg:maven/com.google.oauth-client/google-oauth-client@1.30.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwtj-az3g-zka3
1
vulnerability VCID-wyyt-3d6v-qbc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.6
38
url pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13zs-2sn8-3yey
1
vulnerability VCID-1tha-u7dt-tfc9
2
vulnerability VCID-2zhb-qfhq-xkdp
3
vulnerability VCID-4qvq-xv22-xbed
4
vulnerability VCID-5jjh-qcnz-mye7
5
vulnerability VCID-73th-g3mx-dqf1
6
vulnerability VCID-892e-957y-4yc8
7
vulnerability VCID-9h4k-xjx5-afc8
8
vulnerability VCID-atqg-nfz6-zyfs
9
vulnerability VCID-ca7m-fb38-kfe2
10
vulnerability VCID-dmkc-42vj-gbhc
11
vulnerability VCID-fzvq-dpvh-v7eu
12
vulnerability VCID-gxu6-51zm-sfh7
13
vulnerability VCID-mm3e-4pej-byed
14
vulnerability VCID-n5vc-ggjg-kfc1
15
vulnerability VCID-netd-rr9e-wbg5
16
vulnerability VCID-pnge-tumu-v7e2
17
vulnerability VCID-pwtj-az3g-zka3
18
vulnerability VCID-rs56-6qvx-vucg
19
vulnerability VCID-rxtr-936k-h3cc
20
vulnerability VCID-s839-rpta-6bej
21
vulnerability VCID-tx8n-nmhx-gqg1
22
vulnerability VCID-ubq1-gzr6-x3fu
23
vulnerability VCID-xq5k-dyk9-u3ct
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1%3Farch=el8
39
url pkg:rpm/redhat/jenkins-2-plugins@4.10.1675144701-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1675144701-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13zs-2sn8-3yey
1
vulnerability VCID-1tha-u7dt-tfc9
2
vulnerability VCID-2zhb-qfhq-xkdp
3
vulnerability VCID-4qvq-xv22-xbed
4
vulnerability VCID-5jjh-qcnz-mye7
5
vulnerability VCID-73th-g3mx-dqf1
6
vulnerability VCID-892e-957y-4yc8
7
vulnerability VCID-9h4k-xjx5-afc8
8
vulnerability VCID-atqg-nfz6-zyfs
9
vulnerability VCID-ca7m-fb38-kfe2
10
vulnerability VCID-fzvq-dpvh-v7eu
11
vulnerability VCID-gxu6-51zm-sfh7
12
vulnerability VCID-mm3e-4pej-byed
13
vulnerability VCID-n5vc-ggjg-kfc1
14
vulnerability VCID-netd-rr9e-wbg5
15
vulnerability VCID-pnge-tumu-v7e2
16
vulnerability VCID-pwtj-az3g-zka3
17
vulnerability VCID-rs56-6qvx-vucg
18
vulnerability VCID-rxtr-936k-h3cc
19
vulnerability VCID-s839-rpta-6bej
20
vulnerability VCID-tx8n-nmhx-gqg1
21
vulnerability VCID-ubq1-gzr6-x3fu
22
vulnerability VCID-xq5k-dyk9-u3ct
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1675144701-1%3Farch=el8
40
url pkg:rpm/redhat/jenkins-2-plugins@4.12.1698294000-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1698294000-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bu5-5b6n-nuft
1
vulnerability VCID-h7qt-3g1f-5ffr
2
vulnerability VCID-j584-bgww-z7fw
3
vulnerability VCID-j986-mtma-b3bw
4
vulnerability VCID-mm3e-4pej-byed
5
vulnerability VCID-pwtj-az3g-zka3
6
vulnerability VCID-quvj-3tpk-qug1
7
vulnerability VCID-zxcj-h6nx-m7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1698294000-1%3Farch=el8
41
url pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17sn-57uv-gkg3
1
vulnerability VCID-2a3h-6wad-63gc
2
vulnerability VCID-5bu5-5b6n-nuft
3
vulnerability VCID-a1eu-yahc-ffgr
4
vulnerability VCID-fnpa-1sqy-u7hw
5
vulnerability VCID-h9yg-u3jh-mbfq
6
vulnerability VCID-j456-xdn6-xyej
7
vulnerability VCID-j584-bgww-z7fw
8
vulnerability VCID-j986-mtma-b3bw
9
vulnerability VCID-m3g5-ua28-afd2
10
vulnerability VCID-mm3e-4pej-byed
11
vulnerability VCID-pwtj-az3g-zka3
12
vulnerability VCID-quvj-3tpk-qug1
13
vulnerability VCID-zxcj-h6nx-m7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1%3Farch=el8
42
url pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bu5-5b6n-nuft
1
vulnerability VCID-j986-mtma-b3bw
2
vulnerability VCID-nfjb-tkzv-fudg
3
vulnerability VCID-pwtj-az3g-zka3
4
vulnerability VCID-quvj-3tpk-qug1
5
vulnerability VCID-wj5y-g7z1-9qam
6
vulnerability VCID-zxcj-h6nx-m7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7692
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.2434
published_at 2026-05-14T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24255
published_at 2026-05-12T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24238
published_at 2026-05-11T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24296
published_at 2026-05-09T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24234
published_at 2026-05-07T12:55:00Z
5
value 0.00084
scoring_system epss
scoring_elements 0.24152
published_at 2026-05-05T12:55:00Z
6
value 0.00084
scoring_system epss
scoring_elements 0.24266
published_at 2026-04-29T12:55:00Z
7
value 0.00084
scoring_system epss
scoring_elements 0.24307
published_at 2026-04-26T12:55:00Z
8
value 0.00084
scoring_system epss
scoring_elements 0.24322
published_at 2026-04-24T12:55:00Z
9
value 0.00084
scoring_system epss
scoring_elements 0.24435
published_at 2026-04-21T12:55:00Z
10
value 0.00084
scoring_system epss
scoring_elements 0.2446
published_at 2026-04-18T12:55:00Z
11
value 0.00084
scoring_system epss
scoring_elements 0.24465
published_at 2026-04-16T12:55:00Z
12
value 0.00084
scoring_system epss
scoring_elements 0.2445
published_at 2026-04-13T12:55:00Z
13
value 0.00084
scoring_system epss
scoring_elements 0.24508
published_at 2026-04-12T12:55:00Z
14
value 0.00084
scoring_system epss
scoring_elements 0.24552
published_at 2026-04-11T12:55:00Z
15
value 0.00084
scoring_system epss
scoring_elements 0.24536
published_at 2026-04-09T12:55:00Z
16
value 0.00084
scoring_system epss
scoring_elements 0.24493
published_at 2026-04-08T12:55:00Z
17
value 0.00084
scoring_system epss
scoring_elements 0.24494
published_at 2026-04-01T12:55:00Z
18
value 0.00084
scoring_system epss
scoring_elements 0.24424
published_at 2026-04-07T12:55:00Z
19
value 0.00084
scoring_system epss
scoring_elements 0.24649
published_at 2026-04-04T12:55:00Z
20
value 0.00084
scoring_system epss
scoring_elements 0.24612
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7692
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692
3
reference_url https://github.com/googleapis/google-oauth-java-client
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/googleapis/google-oauth-java-client
4
reference_url https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
5
reference_url https://github.com/googleapis/google-oauth-java-client/issues/469
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/googleapis/google-oauth-java-client/issues/469
6
reference_url https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7692
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7692
9
reference_url https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
10
reference_url https://tools.ietf.org/html/rfc7636%23section-1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tools.ietf.org/html/rfc7636%23section-1
11
reference_url https://tools.ietf.org/html/rfc8252%23section-8.1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tools.ietf.org/html/rfc8252%23section-8.1
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1856376
reference_id 1856376
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1856376
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944
reference_id 988944
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944
14
reference_url https://github.com/advisories/GHSA-f263-c949-w85g
reference_id GHSA-f263-c949-w85g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f263-c949-w85g
15
reference_url https://access.redhat.com/errata/RHSA-2023:0560
reference_id RHSA-2023:0560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0560
16
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
17
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
18
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
19
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
Weaknesses
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
1
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
2
cwe_id 306
name Missing Authentication for Critical Function
description The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-pwtj-az3g-zka3