Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-re1r-xjv4-sqd3
Summary
Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
Aliases
0
alias CVE-2020-2231
1
alias GHSA-jpvq-v729-7j2h
Fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.4
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.252
Affected_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgen-qcyh-yqbu
1
vulnerability VCID-fy5p-8vcs-zkha
2
vulnerability VCID-re1r-xjv4-sqd3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.235.3
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.237
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.237
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-re1r-xjv4-sqd3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.237
2
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.251
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.251
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgen-qcyh-yqbu
1
vulnerability VCID-fy5p-8vcs-zkha
2
vulnerability VCID-re1r-xjv4-sqd3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.251
3
url pkg:rpm/redhat/jenkins@2.235.5.1600414805-1?arch=el7
purl pkg:rpm/redhat/jenkins@2.235.5.1600414805-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgen-qcyh-yqbu
1
vulnerability VCID-fy5p-8vcs-zkha
2
vulnerability VCID-re1r-xjv4-sqd3
3
vulnerability VCID-sw3q-jzqx-dkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.235.5.1600414805-1%3Farch=el7
4
url pkg:rpm/redhat/jenkins@2.235.5.1600415514-1?arch=el7
purl pkg:rpm/redhat/jenkins@2.235.5.1600415514-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgen-qcyh-yqbu
1
vulnerability VCID-fy5p-8vcs-zkha
2
vulnerability VCID-he3v-ysf3-zkb8
3
vulnerability VCID-kusb-1k76-a3ck
4
vulnerability VCID-nqxw-x7ea-aqew
5
vulnerability VCID-re1r-xjv4-sqd3
6
vulnerability VCID-sw3q-jzqx-dkbn
7
vulnerability VCID-v5aw-ffxe-ckdv
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.235.5.1600415514-1%3Farch=el7
5
url pkg:rpm/redhat/jenkins@2.235.5.1600415953-1?arch=el7
purl pkg:rpm/redhat/jenkins@2.235.5.1600415953-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgen-qcyh-yqbu
1
vulnerability VCID-fy5p-8vcs-zkha
2
vulnerability VCID-re1r-xjv4-sqd3
3
vulnerability VCID-sw3q-jzqx-dkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.235.5.1600415953-1%3Farch=el7
References
0
reference_url http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2231.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2231
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.64797
published_at 2026-05-09T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.64661
published_at 2026-04-13T12:55:00Z
2
value 0.00472
scoring_system epss
scoring_elements 0.64697
published_at 2026-04-16T12:55:00Z
3
value 0.00472
scoring_system epss
scoring_elements 0.64709
published_at 2026-04-18T12:55:00Z
4
value 0.00472
scoring_system epss
scoring_elements 0.64696
published_at 2026-04-21T12:55:00Z
5
value 0.00472
scoring_system epss
scoring_elements 0.64716
published_at 2026-04-24T12:55:00Z
6
value 0.00472
scoring_system epss
scoring_elements 0.64728
published_at 2026-04-26T12:55:00Z
7
value 0.00472
scoring_system epss
scoring_elements 0.64726
published_at 2026-04-29T12:55:00Z
8
value 0.00472
scoring_system epss
scoring_elements 0.64705
published_at 2026-05-05T12:55:00Z
9
value 0.00472
scoring_system epss
scoring_elements 0.64752
published_at 2026-05-07T12:55:00Z
10
value 0.00472
scoring_system epss
scoring_elements 0.64581
published_at 2026-04-01T12:55:00Z
11
value 0.00472
scoring_system epss
scoring_elements 0.64634
published_at 2026-04-02T12:55:00Z
12
value 0.00472
scoring_system epss
scoring_elements 0.64663
published_at 2026-04-04T12:55:00Z
13
value 0.00472
scoring_system epss
scoring_elements 0.6462
published_at 2026-04-07T12:55:00Z
14
value 0.00472
scoring_system epss
scoring_elements 0.64669
published_at 2026-04-08T12:55:00Z
15
value 0.00472
scoring_system epss
scoring_elements 0.64684
published_at 2026-04-09T12:55:00Z
16
value 0.00472
scoring_system epss
scoring_elements 0.64701
published_at 2026-04-11T12:55:00Z
17
value 0.00472
scoring_system epss
scoring_elements 0.64689
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2231
3
reference_url https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a
4
reference_url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2231
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2231
6
reference_url http://www.openwall.com/lists/oss-security/2020/08/12/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/12/4
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875234
reference_id 1875234
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875234
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt
reference_id CVE-2020-2231
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/49244.txt
9
reference_url https://github.com/advisories/GHSA-jpvq-v729-7j2h
reference_id GHSA-jpvq-v729-7j2h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jpvq-v729-7j2h
10
reference_url https://access.redhat.com/errata/RHSA-2020:3808
reference_id RHSA-2020:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3808
11
reference_url https://access.redhat.com/errata/RHSA-2020:3841
reference_id RHSA-2020:3841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3841
12
reference_url https://access.redhat.com/errata/RHSA-2020:4220
reference_id RHSA-2020:4220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4220
13
reference_url https://access.redhat.com/errata/RHSA-2020:4223
reference_id RHSA-2020:4223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4223
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2020-12-14
description Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2020-12-14
exploit_type webapps
platform java
source_date_updated 2021-02-17
data_source Exploit-DB
source_url
Severity_range_score4.0 - 6.9
Exploitability2.0
Weighted_severity6.2
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-re1r-xjv4-sqd3