All the vulnerabilites related to CloudBees - Jenkins
cve-2013-2033
Vulnerability from cvelistv5
Published
2014-04-10 14:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/92982 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "jenkins-cve20132033-xss(84004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"name": "92982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "jenkins-cve20132033-xss(84004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"name": "92982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92982"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2033",
"datePublished": "2014-04-10T14:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0785
Vulnerability from cvelistv5
Published
2020-02-24 16:54
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/01/20/8 | mailing-list, x_refsource_MLIST | |
| https://security-tracker.debian.org/tracker/CVE-2012-0785 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2012-0785 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2012-01-12/ | x_refsource_CONFIRM | |
| https://www.cloudbees.com/jenkins-security-advisory-2012-01-12 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.447"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.424.2"
}
]
},
{
"product": "Jenkins Enterprise by CloudBees",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.424.x before 1.424.2.1"
},
{
"status": "affected",
"version": "1.400.x before 1.400.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "and hash collision attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-24T16:54:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.447"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.424.2"
}
]
}
},
{
"product_name": "Jenkins Enterprise by CloudBees",
"version": {
"version_data": [
{
"version_value": "1.424.x before 1.424.2.1"
},
{
"version_value": "1.400.x before 1.400.0.11"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "and hash collision attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2012-0785",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"name": "https://access.redhat.com/security/cve/cve-2012-0785",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"name": "https://jenkins.io/security/advisory/2012-01-12/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"name": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12",
"refsource": "CONFIRM",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0785",
"datePublished": "2020-02-24T16:54:05",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6074
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/12/28/1 | mailing-list, x_refsource_MLIST | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890612 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6074",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0324
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022 | third-party-advisory, x_refsource_JVNDB | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/52384 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN14791558/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2012-000022",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2012-000022",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000022",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0324",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0325
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN79950061/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/52384 | vdb-entry, x_refsource_BID | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023 | third-party-advisory, x_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0325",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1811
Vulnerability from cvelistv5
Published
2020-01-15 18:05
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1205632 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2015-02-27/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| CloudBees | Jenkins | |
| CloudBees | Jenkins LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.600"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.596.1"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:05:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1811",
"datePublished": "2020-01-15T18:05:34",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2034
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | x_refsource_CONFIRM | |
| http://osvdb.org/92981 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "92981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "92981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92981"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2034",
"datePublished": "2014-05-14T19:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1809
Vulnerability from cvelistv5
Published
2020-01-15 18:05
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1205625 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2015-02-27/ | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| CloudBees | Jenkins | |
| CloudBees | Jenkins LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.600"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.596.1"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:05:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "MISC",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1809",
"datePublished": "2020-01-15T18:05:30",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6073
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/12/28/1 | mailing-list, x_refsource_MLIST | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890608 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6073",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0158
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 | x_refsource_CONFIRM | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/01/07/4 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=892795 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"name": "[oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"name": "[oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0158",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6072
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890607 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6072",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2012-000023
Vulnerability from jvndb
Published
2012-03-09 14:35
Modified
2012-03-09 14:35
Summary
Jenkins vulnerable to cross-site scripting
Details
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool.
Note that this vulnerability is different from JVN#14791558.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000023.html",
"dc:date": "2012-03-09T14:35+09:00",
"dcterms:issued": "2012-03-09T14:35+09:00",
"dcterms:modified": "2012-03-09T14:35+09:00",
"description": "Jenkins contains a cross-site scripting vulnerability.\r\n\r\nJenkins is a continuous integration (CI) tool. \r\n\r\nNote that this vulnerability is different from JVN#14791558.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cloudbees:jenkins",
"@product": "Jenkins",
"@vendor": "CloudBees",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000023",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79950061/index.html",
"@id": "JVN#79950061",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0325",
"@id": "CVE-2012-0325",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0325",
"@id": "CVE-2012-0325",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Jenkins vulnerable to cross-site scripting"
}
jvndb-2012-000022
Vulnerability from jvndb
Published
2012-03-09 14:28
Modified
2012-03-09 14:28
Summary
Jenkins vulnerable to cross-site scripting
Details
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#79950061.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000022.html",
"dc:date": "2012-03-09T14:28+09:00",
"dcterms:issued": "2012-03-09T14:28+09:00",
"dcterms:modified": "2012-03-09T14:28+09:00",
"description": "Jenkins contains a cross-site scripting vulnerability.\r\n\r\nJenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#79950061.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cloudbees:jenkins",
"@product": "Jenkins",
"@vendor": "CloudBees",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14791558/index.html",
"@id": "JVN#14791558",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0324",
"@id": "CVE-2012-0324",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0324",
"@id": "CVE-2012-0324",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Jenkins vulnerable to cross-site scripting"
}