VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-hzjc-y24r-8fbn

Essentials
Severities (13)
References (8)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hzjc-y24r-8fbn
Aliases	CVE-2022-28147 GHSA-8hh2-rxm8-7fj8
Summary	multiple issues
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-862	Missing Authorization
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-281	Improper Preservation of Permissions

System	Score	Found at
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-28147
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8hh2-rxm8-7fj8
cvssv3.1	4.3	https://github.com/jenkinsci/ci-with-toad-edge-plugin
generic_textual	MODERATE	https://github.com/jenkinsci/ci-with-toad-edge-plugin
cvssv3.1	4.3	https://github.com/jenkinsci/ci-with-toad-edge-plugin/commit/2b65d62ebb71ec727097aa409c623f9c7c3b2792
generic_textual	MODERATE	https://github.com/jenkinsci/ci-with-toad-edge-plugin/commit/2b65d62ebb71ec727097aa409c623f9c7c3b2792
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2022-28147
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2022-28147
archlinux	High	https://security.archlinux.org/AVG-2678
cvssv3.1	4.3	https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2635
generic_textual	MODERATE	https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2635
cvssv3.1	4.3	http://www.openwall.com/lists/oss-security/2022/03/29/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2022/03/29/1

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-28147
		https://github.com/jenkinsci/ci-with-toad-edge-plugin
		https://github.com/jenkinsci/ci-with-toad-edge-plugin/commit/2b65d62ebb71ec727097aa409c623f9c7c3b2792
		https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2635
		http://www.openwall.com/lists/oss-security/2022/03/29/1
AVG-2678		https://security.archlinux.org/AVG-2678
CVE-2022-28147		https://nvd.nist.gov/vuln/detail/CVE-2022-28147
GHSA-8hh2-rxm8-7fj8		https://github.com/advisories/GHSA-8hh2-rxm8-7fj8

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/jenkinsci/ci-with-toad-edge-plugin

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/jenkinsci/ci-with-toad-edge-plugin/commit/2b65d62ebb71ec727097aa409c623f9c7c3b2792

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-28147

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2635

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2022/03/29/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.1428
EPSS Score	0.00045
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T19:36:56.161599+00:00	Arch Linux Importer	Import	https://security.archlinux.org/AVG-2678	38.6.0