{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-09T16:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"}, {"name": "RHSA-2016:0489", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"}, {"name": "RHSA-2016:0070", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:0070"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", "refsource": "CONFIRM", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"}, {"name": "RHSA-2016:0489", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"}, {"name": "RHSA-2016:0070", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:28.450Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"}, {"name": "RHSA-2016:0489", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"}, {"name": "RHSA-2016:0070", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:0070"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7539", "datePublished": "2016-02-03T15:00:00.000Z", "dateReserved": "2015-09-29T00:00:00.000Z", "dateUpdated": "2024-08-06T07:51:28.450Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCFC646A-BA70-404D-9DE1-EE758455546E", "versionEndIncluding": "1.639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", "versionEndIncluding": "1.625.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."}, {"lang": "es", "value": "The Plugins Manager in Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 no verifica sumas de comprobaci\u00f3n para archivos de plugin referenciados en datos del sitio de actualizaci\u00f3n, lo que facilita a atacantes man-in-the-middle ejecutar c\u00f3digo arbitrario a trav\u00e9s de un plugin manipulado."}], "id": "CVE-2015-7539", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-03T18:59:03.900", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:0070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "activemq-0:5.9.0-6.redhat.611454.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "jenkins-0:1.625.3-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-enterprise-upgrade-0:2.2.9-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-broker-util-0:1.37.5.3-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-node-util-0:1.38.6.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "php-0:5.3.3-46.el6_7.1", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rhc-0:1.38.6.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0489", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "heapster-0:0.18.2-3.gitaf4752e.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "jenkins-0:1.625.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-align-text-0:0.1.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ansi-green-0:0.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ansi-wrap-0:0.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-anymatch-0:1.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-array-unique-0:0.2.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arr-diff-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arr-flatten-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-arrify-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-async-each-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-binary-extensions-0:1.3.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-braces-0:1.8.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-capture-stack-trace-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-chokidar-0:1.4.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-configstore-0:1.4.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-create-error-class-0:2.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-deep-extend-0:0.3.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-duplexer-0:0.1.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-duplexify-0:3.4.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-end-of-stream-0:1.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-error-ex-0:1.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-es6-promise-0:3.0.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-event-stream-0:3.3.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-expand-brackets-0:0.1.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-expand-range-0:1.8.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-extglob-0:0.3.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-filename-regex-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-fill-range-0:2.2.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-for-in-0:0.1.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-for-own-0:0.1.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-from-0:0.1.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-glob-base-0:0.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-glob-parent-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-got-0:5.2.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-graceful-fs-0:4.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ini-0:1.1.0-6.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-binary-path-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-dotfile-0:1.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-equal-shallow-0:0.1.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-extendable-0:0.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-extglob-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-glob-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-npm-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-number-0:2.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-isobject-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-plain-obj-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-primitive-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-redirect-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-is-stream-0:1.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-kind-of-0:3.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-latest-version-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lazy-cache-0:1.0.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.assign-0:3.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.baseassign-0:3.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.basecopy-0:3.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.bindcallback-0:3.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.createassigner-0:3.1.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.defaults-0:3.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.getnative-0:3.9.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isarguments-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isarray-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.isiterateecall-0:3.0.9-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.keys-0:3.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lodash.restparam-0:3.6.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-lowercase-keys-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-map-stream-0:0.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-micromatch-0:2.3.5-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mkdirp-0:0.5.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-nodemon-0:1.8.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-node-status-codes-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-normalize-path-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-object-assign-0:4.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-object.omit-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-optimist-0:0.4.0-5.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-osenv-0:0.1.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-os-homedir-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-os-tmpdir-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-package-json-0:2.3.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-parse-glob-0:3.0.4-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-parse-json-0:2.2.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pause-stream-0:0.0.11-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pinkie-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-pinkie-promise-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-prepend-http-0:1.0.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-preserve-0:0.2.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-ps-tree-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-randomatic-0:1.1.5-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-rc-0:1.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-read-all-stream-0:3.0.1-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-readdirp-0:2.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-regex-cache-0:0.4.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-registry-url-0:3.0.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-repeat-element-0:1.1.2-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-semver-0:5.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-semver-diff-0:2.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-slide-0:1.1.5-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-split-0:0.3.3-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-stream-combiner-0:0.2.1-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-string-length-0:1.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-strip-json-comments-0:1.0.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-success-symbol-0:0.1.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-through-0:2.3.4-4.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-timed-out-0:2.0.0-3.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-touch-0:1.0.0-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-undefsafe-0:0.0.3-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-unzip-response-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-update-notifier-0:0.6.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-url-parse-lax-0:1.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-uuid-0:2.0.1-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-write-file-atomic-0:1.1.2-2.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-xdg-basedir-0:2.0.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nss_wrapper-0:1.0.3-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "openshift-ansible-0:3.0.35-1.git.0.6a386dd.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "openvswitch-0:2.4.0-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0070", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "origin-kibana-0:0.5.0-1.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-01-26T00:00:00Z"}], "bugzilla": {"description": "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", "id": "1291798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291798"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."], "name": "CVE-2015-7539", "public_date": "2015-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7539\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7539\nhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"], "threat_severity": "Moderate"}

{}