Get Vulnerability Updates

Data for SBOM Document ID: 02ab539c-bd02-4a9b-a65f-f5f76928db59

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2024-07-05T12:07:05+00:00
Signature unsigned
Tool Vendor: aquasecurity
Name: trivy
Version: 0.53.0
Component bom-ref: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Type: container
Name: jenkins/jenkins
purl: pkg:oci/jenkins@sha256%3Af2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29?arch=amd64&repository_url=index.docker.io%2Fjenkins%2Fjenkins
Properties:
  • aquasecurity:trivy:DiffID: sha256:274553746e02c4002a63eaacfeaefec9efe1b21d67bef3a8906981342c55c309
  • aquasecurity:trivy:DiffID: sha256:2da8193f881197ada17f66c14239a6c4860ff4c057965a5c5e82141a5e423fc6
  • aquasecurity:trivy:DiffID: sha256:3132a54aaa6b08df787be7012a17f3fb6d795e9723ff61d33ace221eb2b72c4b
  • aquasecurity:trivy:DiffID: sha256:58e98b7b8d8f84d62780511bc3baae6c27845bb37923e51080408cea928eddd8
  • aquasecurity:trivy:DiffID: sha256:5d64de483bf527bb00d0d2749f8b2b2b21c101e32e6a6be715b7f6c8eae5496b
  • aquasecurity:trivy:DiffID: sha256:62c5de00b2fd6684a9c44738c9eee5bf7815e03b658508cd130eb9b49a25495e
  • aquasecurity:trivy:DiffID: sha256:7d3de1799250c67a5a948176a7482c5535bac0365290c63e75ee36f047407dbb
  • aquasecurity:trivy:DiffID: sha256:c7c919bc2dd3d2659280454f5798f8e551496537de6171894a8bc34950ab97d5
  • aquasecurity:trivy:DiffID: sha256:ca2ae57454840351c8a908aa5b2bcf1c8e3b87e376f0fd3fd3eeca52d4729e35
  • aquasecurity:trivy:DiffID: sha256:d82239e620e0353214c973d09ec192aa36fc6c3933446b3f422904cda57d76b5
  • aquasecurity:trivy:DiffID: sha256:f1ac20f27ce8c806ee976fa755a6782ef150598216e9513c09ee025b97155b8a
  • aquasecurity:trivy:DiffID: sha256:f39462cbc5d2b5c7d24b06c565dd7c67663a9f85fffdbca034ed866ffaa75de9
  • aquasecurity:trivy:ImageID: sha256:c73f7d8602800cf6fb88289039f86de31e6ab85d9bf5b358e032e889f2853a2e
  • aquasecurity:trivy:RepoDigest: jenkins/jenkins@sha256:f2e76ce1ba8d7b357f79a6f174b6696d3ede0cd9c323c5bd7347bf945807ac29
  • aquasecurity:trivy:RepoTag: jenkins/jenkins:latest
  • aquasecurity:trivy:SchemaVersion: 2
Total Components

311

SBOM Quality Score

7.76 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

213

Critical

5

High

18

Medium

83

Low

107

None

0

CVE-2024-43044
Severity: Critical

# Jenkins Remoting library arbitrary file read vulnerability Jenkins uses the Remoting library (typi...

CVE-2011-3172
Severity: Critical

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that s...

CVE-2024-32002
Severity: Critical

# Summary Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1...

CVE-2016-1000027
Severity: Critical

# Pivotal Spring Framework contains unsafe Java deserialization methods Pivotal Spring Framework bef...

CVE-2022-3515
Severity: Critical

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T...

CVE-2023-4039
Severity: High

** DISPUTED ** **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains tha...

CVE-2018-6829
Severity: High

# Summary cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, impro...

CVE-2023-2603
Severity: High

# Summary A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function an...

CVE-2024-28757
Severity: High

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...

CVE-2023-23946
Severity: High

# Summary Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, ...

ALAS2-2024-2535
Severity: High

...

ALAS2023-2024-609
Severity: High

...

CVE-2023-4039
Severity: High

** DISPUTED ** **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains tha...

CVE-2023-38545
Severity: High

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked...

CVE-2022-30947
Severity: High

# Path traversal in Jenkins Git Mercurial and Repo Plugins Jenkins SCMs support a number of differen...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.6 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 9.2

# Description Score Score Progress
1 150/312 have supplier names 4.8
2 312/312 have names 10.0
3 311/312 have versions 10.0
4 312/312 have unique ID's 10.0
5 doc has 676 relationships 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-07-05T12:07:05+00:00 10.0

Semantic

Average: 4.9

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 143/312 have licenses 4.6
3 0/312 have checksums 0.0

Quality

Average: 7.4

# Description Score Score Progress
1 138/312 components with valid license 3.3
2 312/312 components have primary purpose specified 10.0
3 126/312 components have deprecated licenses 6.0
4 0/312 components have restricted licenses 10.0
5 311/312 components have any lookup id 10.0
6 0/312 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0