Get Vulnerability Updates

Data for SBOM Document ID: 02ab539c-bd02-4a9b-a65f-f5f76928db59

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2024-07-05T12:07:05+00:00
Signature unsigned
Tool Vendor: aquasecurity
Name: trivy
Version: 0.53.0
Component bom-ref: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Type: container
Name: jenkins/jenkins
purl: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Properties:
  • aquasecurity:trivy:DiffID: sha256:274553746e02c4002a63eaacfeaefec9efe1b21d67bef3a8906981342c55c309
  • aquasecurity:trivy:DiffID: sha256:2da8193f881197ada17f66c14239a6c4860ff4c057965a5c5e82141a5e423fc6
  • aquasecurity:trivy:DiffID: sha256:3132a54aaa6b08df787be7012a17f3fb6d795e9723ff61d33ace221eb2b72c4b
  • aquasecurity:trivy:DiffID: sha256:58e98b7b8d8f84d62780511bc3baae6c27845bb37923e51080408cea928eddd8
  • aquasecurity:trivy:DiffID: sha256:5d64de483bf527bb00d0d2749f8b2b2b21c101e32e6a6be715b7f6c8eae5496b
  • aquasecurity:trivy:DiffID: sha256:62c5de00b2fd6684a9c44738c9eee5bf7815e03b658508cd130eb9b49a25495e
  • aquasecurity:trivy:DiffID: sha256:7d3de1799250c67a5a948176a7482c5535bac0365290c63e75ee36f047407dbb
  • aquasecurity:trivy:DiffID: sha256:c7c919bc2dd3d2659280454f5798f8e551496537de6171894a8bc34950ab97d5
  • aquasecurity:trivy:DiffID: sha256:ca2ae57454840351c8a908aa5b2bcf1c8e3b87e376f0fd3fd3eeca52d4729e35
  • aquasecurity:trivy:DiffID: sha256:d82239e620e0353214c973d09ec192aa36fc6c3933446b3f422904cda57d76b5
  • aquasecurity:trivy:DiffID: sha256:f1ac20f27ce8c806ee976fa755a6782ef150598216e9513c09ee025b97155b8a
  • aquasecurity:trivy:DiffID: sha256:f39462cbc5d2b5c7d24b06c565dd7c67663a9f85fffdbca034ed866ffaa75de9
  • aquasecurity:trivy:ImageID: sha256:c73f7d8602800cf6fb88289039f86de31e6ab85d9bf5b358e032e889f2853a2e
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:f2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components

311

SBOM Quality Score

7.76 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

285

Critical

6

High

28

Medium

113

Low

138

None

0

CVE-2024-38821
Severity: Critical

# Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Spr...

CVE-2016-1000027
Severity: Critical

# Pivotal Spring Framework contains unsafe Java deserialization methods Pivotal Spring Framework bef...

CVE-2023-47100
Severity: Critical

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a ...

CVE-2022-3515
Severity: Critical

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T...

CVE-2011-3172
Severity: Critical

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that s...

CVE-2024-32002
Severity: Critical

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, ...

CVE-2024-12133
Severity: High

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large...

CVE-2024-6197
Severity: High

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan ...

CVE-2023-31486
Severity: High

# Summary HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN,...

CVE-2024-28757
Severity: High

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...

CVE-2025-22228
Severity: High

# Spring Security Does Not Enforce Password Length BCryptPasswordEncoder.matches(CharSequence,String...

ALAS2023-2024-609
Severity: High

...

CVE-2024-28085
Severity: High

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence...

CVE-2024-28085
Severity: High

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence...

CVE-2024-43044
Severity: High

# Jenkins Remoting library arbitrary file read vulnerability Jenkins uses the Remoting library (typi...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.6 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.2

# Description Score Score Progress
1 150/312 have supplier names 4.8
2 312/312 have names 10.0
3 311/312 have versions 10.0
4 312/312 have unique ID's 10.0
5 doc has 161 dependencies 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-07-05T12:07:05+00:00 10.0

Semantic

Average: 4.9

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 143/312 have licenses 4.6
3 0/312 have checksums 0.0

Quality

Average: 7.4

# Description Score Score Progress
1 138/312 components with valid license 3.3
2 312/312 components have primary purpose specified 10.0
3 126/312 components have deprecated licenses 6.0
4 0/312 components have restricted licenses 10.0
5 311/312 components have any lookup id 10.0
6 0/312 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0