The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade org.jenkins-ci.plugins:jira
to version 3.0.1 or higher.
org.jenkins-ci.plugins:jira is a Jenkins plugin that has an optional feature to update JIRA issues with a back pointer to Jenkins build pages. This allows the submitter and watchers to quickly find out which build they need to pick up to get the fix.
Affected versions of this package are vulnerable to Improper Authorisation. The code allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.The fixes add additional checks to make sure that the appropriate level of authorisation is required to perform administrator level tasks.