Get Vulnerability Updates

Data for SBOM Document ID: 02ab539c-bd02-4a9b-a65f-f5f76928db59

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2024-07-05T12:07:05+00:00
Signature unsigned
Tool Vendor: aquasecurity
Name: trivy
Version: 0.53.0
Component bom-ref: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Type: container
Name: jenkins/jenkins
purl: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Properties:
  • aquasecurity:trivy:DiffID: sha256:274553746e02c4002a63eaacfeaefec9efe1b21d67bef3a8906981342c55c309
  • aquasecurity:trivy:DiffID: sha256:2da8193f881197ada17f66c14239a6c4860ff4c057965a5c5e82141a5e423fc6
  • aquasecurity:trivy:DiffID: sha256:3132a54aaa6b08df787be7012a17f3fb6d795e9723ff61d33ace221eb2b72c4b
  • aquasecurity:trivy:DiffID: sha256:58e98b7b8d8f84d62780511bc3baae6c27845bb37923e51080408cea928eddd8
  • aquasecurity:trivy:DiffID: sha256:5d64de483bf527bb00d0d2749f8b2b2b21c101e32e6a6be715b7f6c8eae5496b
  • aquasecurity:trivy:DiffID: sha256:62c5de00b2fd6684a9c44738c9eee5bf7815e03b658508cd130eb9b49a25495e
  • aquasecurity:trivy:DiffID: sha256:7d3de1799250c67a5a948176a7482c5535bac0365290c63e75ee36f047407dbb
  • aquasecurity:trivy:DiffID: sha256:c7c919bc2dd3d2659280454f5798f8e551496537de6171894a8bc34950ab97d5
  • aquasecurity:trivy:DiffID: sha256:ca2ae57454840351c8a908aa5b2bcf1c8e3b87e376f0fd3fd3eeca52d4729e35
  • aquasecurity:trivy:DiffID: sha256:d82239e620e0353214c973d09ec192aa36fc6c3933446b3f422904cda57d76b5
  • aquasecurity:trivy:DiffID: sha256:f1ac20f27ce8c806ee976fa755a6782ef150598216e9513c09ee025b97155b8a
  • aquasecurity:trivy:DiffID: sha256:f39462cbc5d2b5c7d24b06c565dd7c67663a9f85fffdbca034ed866ffaa75de9
  • aquasecurity:trivy:ImageID: sha256:c73f7d8602800cf6fb88289039f86de31e6ab85d9bf5b358e032e889f2853a2e
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:f2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components

311

SBOM Quality Score

7.76 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

240

Critical

5

High

22

Medium

104

Low

109

None

0

CVE-2022-3515
Severity: Critical

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T...

CVE-2016-1000027
Severity: Critical

# Pivotal Spring Framework contains unsafe Java deserialization methods Pivotal Spring Framework bef...

CVE-2024-38821
Severity: Critical

# Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Spr...

CVE-2024-32002
Severity: Critical

# Summary Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1...

CVE-2011-3172
Severity: Critical

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that s...

CVE-2023-38039
Severity: High

# Summary When curl retrieves an HTTP response, it stores the incoming headers so that they can be a...

CVE-2024-28085
Severity: High

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence...

CVE-2018-6829
Severity: High

# Summary cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, impro...

ALAS2023-2024-609
Severity: High

...

CVE-2024-6197
Severity: High

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan ...

CVE-2024-43044
Severity: High

# Jenkins Remoting library arbitrary file read vulnerability Jenkins uses the Remoting library (typi...

CVE-2023-29007
Severity: High

# Summary Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8...

CVE-2023-38039
Severity: High

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed la...

ALSA-2024:4084
Severity: High

Git is a distributed revision control system with a decentralized architecture. As opposed to centra...

CVE-2024-28757
Severity: High

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.6 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.2

# Description Score Score Progress
1 150/312 have supplier names 4.8
2 312/312 have names 10.0
3 311/312 have versions 10.0
4 312/312 have unique ID's 10.0
5 doc has 161 dependencies 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-07-05T12:07:05+00:00 10.0

Semantic

Average: 4.9

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 143/312 have licenses 4.6
3 0/312 have checksums 0.0

Quality

Average: 7.4

# Description Score Score Progress
1 138/312 components with valid license 3.3
2 312/312 components have primary purpose specified 10.0
3 126/312 components have deprecated licenses 6.0
4 0/312 components have restricted licenses 10.0
5 311/312 components have any lookup id 10.0
6 0/312 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0