Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-g6yv-hh51-mfak
Summary
Information Exposure
A vulnerability exists in the Jenkins GitHub Plugin in `GitHubServerConfig.java` that allows attackers with Overall/Read IDs obtained through another method, to capture credentials stored in Jenkins.
Aliases
0
alias CVE-2018-1000183
1
alias GHSA-v7g7-cmxx-wxw9
Fixed_packages
Affected_packages
0
url pkg:maven/com.coravy.hudson.plugins.github/github@0.1
purl pkg:maven/com.coravy.hudson.plugins.github/github@0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4k-xjx5-afc8
1
vulnerability VCID-cqz5-3btv-3fbq
2
vulnerability VCID-g6yv-hh51-mfak
3
vulnerability VCID-tkye-gc3b-n3c5
4
vulnerability VCID-zh7t-qc1z-6few
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@0.1
1
url pkg:maven/com.coravy.hudson.plugins.github/github@0.2
purl pkg:maven/com.coravy.hudson.plugins.github/github@0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4k-xjx5-afc8
1
vulnerability VCID-cqz5-3btv-3fbq
2
vulnerability VCID-g6yv-hh51-mfak
3
vulnerability VCID-tkye-gc3b-n3c5
4
vulnerability VCID-zh7t-qc1z-6few
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@0.2
2
url pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
purl pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cqz5-3btv-3fbq
1
vulnerability VCID-g6yv-hh51-mfak
2
vulnerability VCID-tkye-gc3b-n3c5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000183.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000183
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.54669
published_at 2026-05-07T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.54718
published_at 2026-04-08T12:55:00Z
2
value 0.00316
scoring_system epss
scoring_elements 0.54713
published_at 2026-04-09T12:55:00Z
3
value 0.00316
scoring_system epss
scoring_elements 0.54726
published_at 2026-04-16T12:55:00Z
4
value 0.00316
scoring_system epss
scoring_elements 0.5471
published_at 2026-04-12T12:55:00Z
5
value 0.00316
scoring_system epss
scoring_elements 0.54688
published_at 2026-04-13T12:55:00Z
6
value 0.00316
scoring_system epss
scoring_elements 0.54728
published_at 2026-04-18T12:55:00Z
7
value 0.00316
scoring_system epss
scoring_elements 0.54709
published_at 2026-04-21T12:55:00Z
8
value 0.00316
scoring_system epss
scoring_elements 0.54681
published_at 2026-04-24T12:55:00Z
9
value 0.00316
scoring_system epss
scoring_elements 0.547
published_at 2026-04-26T12:55:00Z
10
value 0.00316
scoring_system epss
scoring_elements 0.54678
published_at 2026-04-29T12:55:00Z
11
value 0.00316
scoring_system epss
scoring_elements 0.54626
published_at 2026-05-05T12:55:00Z
12
value 0.00316
scoring_system epss
scoring_elements 0.54603
published_at 2026-04-01T12:55:00Z
13
value 0.00316
scoring_system epss
scoring_elements 0.54673
published_at 2026-04-02T12:55:00Z
14
value 0.00316
scoring_system epss
scoring_elements 0.54695
published_at 2026-04-04T12:55:00Z
15
value 0.00316
scoring_system epss
scoring_elements 0.54665
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000183
2
reference_url https://github.com/jenkinsci/github-plugin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/github-plugin
3
reference_url https://github.com/jenkinsci/github-plugin/commit/775a8be0d4f7238b33cbbda6508170ff34a90736
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/github-plugin/commit/775a8be0d4f7238b33cbbda6508170ff34a90736
4
reference_url https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1585992
reference_id 1585992
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1585992
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000183
reference_id CVE-2018-1000183
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000183
8
reference_url https://github.com/advisories/GHSA-v7g7-cmxx-wxw9
reference_id GHSA-v7g7-cmxx-wxw9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7g7-cmxx-wxw9
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-g6yv-hh51-mfak