Add Jenkins advisories parser

[pedrohc]

Please add a parser for Jenkins advisories. Data that can be retrieved:

• CVE ID
• Flaw summary
• Flaw description
• CVSS 3.0 score
• Fixed in version
• Public date
• References link Ex.: https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1498

References:

https://jenkins.io/security/advisory/2019-09-25/

[mprpic]

@pedrohc Do we care about parsing vulnerability data for Jenkins plug-ins as well? Or just Jenkins core? I don't see CVSS scores anywhere on the pages you linked, I don't think the Jenkins project uses CVSS.

[pedrohc]

@pedrohc Do we care about parsing vulnerability data for Jenkins plug-ins as well? Or just Jenkins core? I don't see CVSS scores anywhere on the pages you linked, I don't think the Jenkins project uses CVSS.

@mprpic Yes, we care. we have about 104 entries in the manifests under jenkins-2-plugins. Script-security plugin is the most usual.

The CVSS score vector can be found towards the end of the page, in the impact link (ex. moderate, high). You can just grab and parse the vector form the link and then trasnform it into RH vector.

[shubhbapna]

Not sure if this is applicable anymore, but jenkins advisories are now posted as xml

https://www.jenkins.io/security/advisories/rss.xml