Data for SBOM Document ID: 02ab539c-bd02-4a9b-a65f-f5f76928db59

Timestamp: 2024-07-05T12:07:05+00:00
Signature: unsigned
Tool Vendor: aquasecurity
Tool Name: trivy
Tool Version: 0.53.0
Component bom-ref: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Component Type: container
Component Name: jenkins/jenkins
Component purl: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Component Properties:
  • aquasecurity:trivy:ImageID: sha256:c73f7d8602800cf6fb88289039f86de31e6ab85d9bf5b358e032e889f2853a2e
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:f2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components: 311

7.76 / 10

Vulnerability Severity Distribution

Total Vulnerabilities: 226
Critical: 5
High: 17
Medium: 96
Low: 108
None: 0

CVE-2024-32002
Severity: Critical

# Summary Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1...

CVE-2011-3172
Severity: Critical

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that s...

CVE-2024-38821
Severity: Critical

# Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Spr...

CVE-2016-1000027
Severity: Critical

# Pivotal Spring Framework contains unsafe Java deserialization methods Pivotal Spring Framework bef...

CVE-2022-3515
Severity: Critical

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T...

CVE-2024-6197
Severity: High

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can ...

CVE-2023-38545
Severity: High

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked...

CVE-2023-29007
Severity: High

# Summary Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8...

CVE-2023-38039
Severity: High

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed la...

CVE-2022-30947
Severity: High

# Path traversal in Jenkins Git Mercurial and Repo Plugins Jenkins SCMs support a number of differen...

CVE-2023-4039
Severity: High

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains tha...

CVE-2023-2603
Severity: High

# Summary A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function an...

CVE-2023-4039
Severity: High

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains tha...

CVE-2024-28757
Severity: High

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...

CVE-2024-43044
Severity: High

# Jenkins Remoting library arbitrary file read vulnerability Jenkins uses the Remoting library (typi...

Structural

Average: 10.0

# Description Score
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.6 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.2

# Description Score
1 150/312 have supplier names 4.8
2 312/312 have names 10.0
3 311/312 have versions 10.0
4 312/312 have unique ID's 10.0
5 doc has 161 dependencies 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-07-05T12:07:05+00:00 10.0

Semantic

Average: 4.9

# Description Score
1 Doc Fields:true Pkg Fields:true 10.0
2 143/312 have licenses 4.6
3 0/312 have checksums 0.0

Quality

Average: 7.4

# Description Score
1 138/312 components with valid license 3.3
2 312/312 components have primary purpose specified 10.0
3 126/312 components have deprecated licenses 6.0
4 0/312 components have restricted licenses 10.0
5 311/312 components have any lookup id 10.0
6 0/312 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score
1 doc has a sharable license free 0 :: of 0 0.0