Get Vulnerability Updates

Data for SBOM Document ID: 02ab539c-bd02-4a9b-a65f-f5f76928db59

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2024-07-05T12:07:05+00:00
Signature unsigned
Tool Vendor: aquasecurity
Name: trivy
Version: 0.53.0
Component bom-ref: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Type: container
Name: jenkins/jenkins
purl: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Properties:
  • aquasecurity:trivy:DiffID: sha256:274553746e02c4002a63eaacfeaefec9efe1b21d67bef3a8906981342c55c309
  • aquasecurity:trivy:DiffID: sha256:2da8193f881197ada17f66c14239a6c4860ff4c057965a5c5e82141a5e423fc6
  • aquasecurity:trivy:DiffID: sha256:3132a54aaa6b08df787be7012a17f3fb6d795e9723ff61d33ace221eb2b72c4b
  • aquasecurity:trivy:DiffID: sha256:58e98b7b8d8f84d62780511bc3baae6c27845bb37923e51080408cea928eddd8
  • aquasecurity:trivy:DiffID: sha256:5d64de483bf527bb00d0d2749f8b2b2b21c101e32e6a6be715b7f6c8eae5496b
  • aquasecurity:trivy:DiffID: sha256:62c5de00b2fd6684a9c44738c9eee5bf7815e03b658508cd130eb9b49a25495e
  • aquasecurity:trivy:DiffID: sha256:7d3de1799250c67a5a948176a7482c5535bac0365290c63e75ee36f047407dbb
  • aquasecurity:trivy:DiffID: sha256:c7c919bc2dd3d2659280454f5798f8e551496537de6171894a8bc34950ab97d5
  • aquasecurity:trivy:DiffID: sha256:ca2ae57454840351c8a908aa5b2bcf1c8e3b87e376f0fd3fd3eeca52d4729e35
  • aquasecurity:trivy:DiffID: sha256:d82239e620e0353214c973d09ec192aa36fc6c3933446b3f422904cda57d76b5
  • aquasecurity:trivy:DiffID: sha256:f1ac20f27ce8c806ee976fa755a6782ef150598216e9513c09ee025b97155b8a
  • aquasecurity:trivy:DiffID: sha256:f39462cbc5d2b5c7d24b06c565dd7c67663a9f85fffdbca034ed866ffaa75de9
  • aquasecurity:trivy:ImageID: sha256:c73f7d8602800cf6fb88289039f86de31e6ab85d9bf5b358e032e889f2853a2e
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:f2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components

311

SBOM Quality Score

7.76 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

136

Critical

11

High

50

Medium

67

Low

8

None

0

CVE-2011-3389
Severity: Critical

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Expl...

CVE-2024-37371
Severity: Critical

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS me...

CVE-2019-1010022
Severity: Critical

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard p...

CVE-2023-45853
Severity: Critical

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipO...

CVE-2024-45492
Severity: Critical

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer...

CVE-2016-1000027
Severity: Critical

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue i...

CVE-2024-32002
Severity: Critical

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, ...

CVE-2024-5535
Severity: Critical

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client...

CVE-2024-43044
Severity: Critical

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files fr...

CVE-2024-38821
Severity: Critical

Spring WebFlux applications that have Spring Security authorization rules on static resources can be...

CVE-2024-45491
Severity: Critical

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow...

CVE-2024-2511
Severity: High

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when pro...

CVE-2024-47072
Severity: High

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow...

CVE-2018-6829
Severity: High

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly enco...

CVE-2023-50868
Severity: High

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.6 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.2

# Description Score Score Progress
1 150/312 have supplier names 4.8
2 312/312 have names 10.0
3 311/312 have versions 10.0
4 312/312 have unique ID's 10.0
5 doc has 161 dependencies 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-07-05T12:07:05+00:00 10.0

Semantic

Average: 4.9

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 143/312 have licenses 4.6
3 0/312 have checksums 0.0

Quality

Average: 7.4

# Description Score Score Progress
1 138/312 components with valid license 3.3
2 312/312 components have primary purpose specified 10.0
3 126/312 components have deprecated licenses 6.0
4 0/312 components have restricted licenses 10.0
5 311/312 components have any lookup id 10.0
6 0/312 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0