All the vulnerabilites related to cloudbees - jenkins
cve-2012-6073
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/12/28/1 | mailing-list, x_refsource_MLIST | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890608 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6073",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1811
Vulnerability from cvelistv5
Published
2020-01-15 18:05
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1205632 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2015-02-27/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | CloudBees | Jenkins |
Version: before 1.600 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.600"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.596.1"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:05:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1811",
"datePublished": "2020-01-15T18:05:34",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2033
Vulnerability from cvelistv5
Published
2014-04-10 14:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/92982 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "jenkins-cve20132033-xss(84004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"name": "92982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "jenkins-cve20132033-xss(84004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"name": "92982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92982"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2033",
"datePublished": "2014-04-10T14:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6074
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/12/28/1 | mailing-list, x_refsource_MLIST | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890612 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "[oss-security] 20121227 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6074",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0324
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022 | third-party-advisory, x_refsource_JVNDB | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/52384 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN14791558/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2012-000022",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2012-000022",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000022",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "52384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVN#14791558",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0324",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6072
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890607 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6072",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0785
Vulnerability from cvelistv5
Published
2020-02-24 16:54
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/01/20/8 | mailing-list, x_refsource_MLIST | |
| https://security-tracker.debian.org/tracker/CVE-2012-0785 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2012-0785 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2012-01-12/ | x_refsource_CONFIRM | |
| https://www.cloudbees.com/jenkins-security-advisory-2012-01-12 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Jenkins project | Jenkins |
Version: before 1.447 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.447"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.424.2"
}
]
},
{
"product": "Jenkins Enterprise by CloudBees",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.424.x before 1.424.2.1"
},
{
"status": "affected",
"version": "1.400.x before 1.400.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "and hash collision attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-24T16:54:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.447"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.424.2"
}
]
}
},
{
"product_name": "Jenkins Enterprise by CloudBees",
"version": {
"version_data": [
{
"version_value": "1.424.x before 1.424.2.1"
},
{
"version_value": "1.400.x before 1.400.0.11"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "and hash collision attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120119 Re: CVE request: Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2012-0785",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"name": "https://access.redhat.com/security/cve/cve-2012-0785",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"name": "https://jenkins.io/security/advisory/2012-01-12/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"name": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12",
"refsource": "CONFIRM",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0785",
"datePublished": "2020-02-24T16:54:05",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0325
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN79950061/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.securityfocus.com/bid/52384 | vdb-entry, x_refsource_BID | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023 | third-party-advisory, x_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T20:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name": "JVN#79950061",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name": "52384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name": "JVNDB-2012-000023",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0325",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2034
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | x_refsource_CONFIRM | |
| http://osvdb.org/92981 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "92981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "92981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92981"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2034",
"datePublished": "2014-05-14T19:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1809
Vulnerability from cvelistv5
Published
2020-01-15 18:05
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1205625 | x_refsource_MISC | |
| https://jenkins.io/security/advisory/2015-02-27/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | CloudBees | Jenkins |
Version: before 1.600 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.600"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.596.1"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:05:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "MISC",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1809",
"datePublished": "2020-01-15T18:05:30",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0158
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 | x_refsource_CONFIRM | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd | x_refsource_CONFIRM | |
| https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/01/07/4 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=892795 | x_refsource_MISC | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"name": "[oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"name": "[oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0158",
"datePublished": "2013-02-24T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-05-14 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1883ADFF-74C1-4A59-8F45-392810E89E64",
"versionEndIncluding": "1.513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B055B30F-8650-419D-8A17-681FB96762E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.480:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "01F691EE-11D4-47CD-A07B-1002CAAB0EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.509:*:*:*:lts:*:*:*",
"matchCriteriaId": "32675A89-01CA-4D22-9C78-9334036CC9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de (1) ejecutar c\u00f3digo arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2034",
"lastModified": "2024-11-21T01:50:54.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-14T19:55:07.403",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/92981"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "64DC99F9-DA01-4A7B-9AB6-8CCBEB1C0E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "894B96E5-3B3C-4D0E-8BED-5911A2AA2D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "54BF2C2C-C920-41B7-A938-DA6CFADCEC3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*",
"matchCriteriaId": "65C51F95-07E8-4F9F-B0D9-D5E5360F17F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*",
"matchCriteriaId": "E3A59F7E-1D1C-4E78-8CCC-4C05CBC6DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*",
"matchCriteriaId": "830BA953-FE5C-457F-9CD5-8DAB70C54CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E9DD9A-E695-4F26-9790-D41D6C265CA7",
"versionEndIncluding": "1.466.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E73C86A-5AC5-4D9D-9F5C-BDF5F06C45B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F09B4E-DD5B-477C-9547-7C2D8039BCD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744A5B4A-7B8E-40FE-9FE2-C935822FC65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF148AFF-8AF1-43B8-B184-CAC0436F86AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB21AA0-964A-4F69-8570-1742A5E6DA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9517BF55-D76E-4A2B-A439-E43AC11B5C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0693E3B0-678C-4029-9A3F-64128D631571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76F21028-9881-4669-B367-E9B35AC7601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59D9137C-C8DD-47A2-8D7F-318BAADA2A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC602437-C693-4555-A4DA-A061BAF3E2F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "26046DC7-335B-4E29-86F3-A2077AD32AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "C5D05B3A-8709-4061-810E-656B6D5BDAED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D692CD-0DD7-4777-AE59-13CB723BCC2D",
"versionEndIncluding": "1.480.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D47B599-AD9E-4CC7-99B0-5BBCE21FE12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1A64AD04-F3A7-493D-9092-D44203390ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1008C47A-B18E-4888-A8D0-5E3BAE4406C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "9103E105-898E-49CB-AAEE-A01948678537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "46ACF9F0-E9B9-4BAC-A351-470E8B102737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "FDC2EC22-7A4F-492F-9723-386B238CAA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "EF8269EF-2E74-4B21-ADFD-8AECD2383176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "713EEE59-CAE4-4E35-9E56-31BFB6311640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y lleva a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6072",
"lastModified": "2024-11-21T01:45:45.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T22:55:01.097",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D692CD-0DD7-4777-AE59-13CB723BCC2D",
"versionEndIncluding": "1.480.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "64DC99F9-DA01-4A7B-9AB6-8CCBEB1C0E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "894B96E5-3B3C-4D0E-8BED-5911A2AA2D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "54BF2C2C-C920-41B7-A938-DA6CFADCEC3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D47B599-AD9E-4CC7-99B0-5BBCE21FE12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1A64AD04-F3A7-493D-9092-D44203390ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1008C47A-B18E-4888-A8D0-5E3BAE4406C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "9103E105-898E-49CB-AAEE-A01948678537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "46ACF9F0-E9B9-4BAC-A351-470E8B102737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "FDC2EC22-7A4F-492F-9723-386B238CAA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "EF8269EF-2E74-4B21-ADFD-8AECD2383176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "713EEE59-CAE4-4E35-9E56-31BFB6311640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "26046DC7-335B-4E29-86F3-A2077AD32AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "C5D05B3A-8709-4061-810E-656B6D5BDAED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*",
"matchCriteriaId": "65C51F95-07E8-4F9F-B0D9-D5E5360F17F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*",
"matchCriteriaId": "E3A59F7E-1D1C-4E78-8CCC-4C05CBC6DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*",
"matchCriteriaId": "830BA953-FE5C-457F-9CD5-8DAB70C54CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E9DD9A-E695-4F26-9790-D41D6C265CA7",
"versionEndIncluding": "1.466.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E73C86A-5AC5-4D9D-9F5C-BDF5F06C45B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F09B4E-DD5B-477C-9547-7C2D8039BCD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744A5B4A-7B8E-40FE-9FE2-C935822FC65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF148AFF-8AF1-43B8-B184-CAC0436F86AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB21AA0-964A-4F69-8570-1742A5E6DA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9517BF55-D76E-4A2B-A439-E43AC11B5C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0693E3B0-678C-4029-9A3F-64128D631571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76F21028-9881-4669-B367-E9B35AC7601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59D9137C-C8DD-47A2-8D7F-318BAADA2A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC602437-C693-4555-A4DA-A061BAF3E2F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a usuarios remotos autenticados con acceso de escritura inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6074",
"lastModified": "2024-11-21T01:45:45.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T22:55:01.207",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:46
Severity ?
Summary
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D692CD-0DD7-4777-AE59-13CB723BCC2D",
"versionEndIncluding": "1.480.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "26046DC7-335B-4E29-86F3-A2077AD32AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "C5D05B3A-8709-4061-810E-656B6D5BDAED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*",
"matchCriteriaId": "65C51F95-07E8-4F9F-B0D9-D5E5360F17F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*",
"matchCriteriaId": "E3A59F7E-1D1C-4E78-8CCC-4C05CBC6DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*",
"matchCriteriaId": "830BA953-FE5C-457F-9CD5-8DAB70C54CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E9DD9A-E695-4F26-9790-D41D6C265CA7",
"versionEndIncluding": "1.466.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E73C86A-5AC5-4D9D-9F5C-BDF5F06C45B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F09B4E-DD5B-477C-9547-7C2D8039BCD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744A5B4A-7B8E-40FE-9FE2-C935822FC65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF148AFF-8AF1-43B8-B184-CAC0436F86AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB21AA0-964A-4F69-8570-1742A5E6DA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9517BF55-D76E-4A2B-A439-E43AC11B5C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0693E3B0-678C-4029-9A3F-64128D631571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76F21028-9881-4669-B367-E9B35AC7601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59D9137C-C8DD-47A2-8D7F-318BAADA2A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC602437-C693-4555-A4DA-A061BAF3E2F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "64DC99F9-DA01-4A7B-9AB6-8CCBEB1C0E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "894B96E5-3B3C-4D0E-8BED-5911A2AA2D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "54BF2C2C-C920-41B7-A938-DA6CFADCEC3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.498, Jenkins LTS en versiones anteriores a 1.480.2 y Jenkins Enterprise 1.447.x en versiones anteriores a 1.447.6.1 y 1.466.x en versiones anteriores a 1.466.12.1, cuando se conecta un esclavo y el acceso de lectura an\u00f3nima est\u00e1 habilitado, permite a atacantes remotos obtener la clave de cifrado maestra a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-0158",
"lastModified": "2024-11-21T01:46:57.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T22:55:01.253",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6B801C-8792-4DFC-9301-A3D961CFEA3C",
"versionEndIncluding": "1.453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.301:*:*:*:*:*:*:*",
"matchCriteriaId": "2A974CAC-96BB-4C59-A8DF-5857CCBB4266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.302:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADE6814-F35D-4689-93B7-039BD2997361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.303:*:*:*:*:*:*:*",
"matchCriteriaId": "8D82D77F-5AE9-41A7-8C40-B3D12E776BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.304:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8BF58E-ABFC-4FD8-A2D6-81D38F3A14D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.305:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7D46F-4C03-4ADE-9B92-DC0BFCC8CEE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.306:*:*:*:*:*:*:*",
"matchCriteriaId": "69D16508-4113-4290-89F2-4D29C4C0791A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.307:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7555D3-3148-41E9-960E-E05097398263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.308:*:*:*:*:*:*:*",
"matchCriteriaId": "67F5A8B8-5D00-4F59-A55F-C446F0ABDB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.309:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC252CA-680D-4024-8B9A-E45270F94BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.310:*:*:*:*:*:*:*",
"matchCriteriaId": "CD13972D-8E93-4B4D-A614-E6B93CE6C291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.311:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A0D529-94B1-4923-8169-58B0286AD60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.312:*:*:*:*:*:*:*",
"matchCriteriaId": "144AADB9-9195-48FB-94B4-4E509BDBEDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.313:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B769C-0FF3-47F5-A869-AB5ABF6C0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.314:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DB70CF-C7CF-4EF1-B0B2-B706693B87AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.315:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC47725-86E5-4DAE-8EA2-720515E5A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.316:*:*:*:*:*:*:*",
"matchCriteriaId": "605882F7-9C63-4CAE-9C30-79C002D338A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.317:*:*:*:*:*:*:*",
"matchCriteriaId": "14985B0D-2361-4EF3-A729-188041BC5AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.318:*:*:*:*:*:*:*",
"matchCriteriaId": "421E9899-5378-47BF-B8DA-71204607AE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.319:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0F0706-6391-4FB4-B066-2031E285F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.320:*:*:*:*:*:*:*",
"matchCriteriaId": "79104118-EE32-4C58-95CB-73114A24DBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.321:*:*:*:*:*:*:*",
"matchCriteriaId": "D9414894-9E05-4FF5-9D31-A6A543B70509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.322:*:*:*:*:*:*:*",
"matchCriteriaId": "012622A1-91DF-47F3-AD35-45CE4C23A680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.323:*:*:*:*:*:*:*",
"matchCriteriaId": "48FEE98A-E452-43F2-A303-B77CAE48D138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.324:*:*:*:*:*:*:*",
"matchCriteriaId": "40AF0791-082E-4E76-9477-1A87D35AE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.325:*:*:*:*:*:*:*",
"matchCriteriaId": "850A3BBB-3615-4478-84C5-32F469AD3902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.326:*:*:*:*:*:*:*",
"matchCriteriaId": "BF052573-48C6-4449-972F-5800A22FDCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.327:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFD19AF-F380-4F72-9D61-625586978F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.328:*:*:*:*:*:*:*",
"matchCriteriaId": "45ABF840-E762-4C8B-871C-9EAE6298378D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.329:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0DD5E5-DC8D-42A9-9953-CDD7184DF26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.330:*:*:*:*:*:*:*",
"matchCriteriaId": "A62A2715-BFEB-4293-B74C-AB50652EC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.331:*:*:*:*:*:*:*",
"matchCriteriaId": "62149AF1-4494-4C8D-95B8-259BDB65651B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.332:*:*:*:*:*:*:*",
"matchCriteriaId": "2D291778-32A9-4E1D-B00A-BFF03F84008B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.333:*:*:*:*:*:*:*",
"matchCriteriaId": "3762FEDF-CD8B-4D71-8A44-54624A81BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.334:*:*:*:*:*:*:*",
"matchCriteriaId": "12D2846B-577A-4E17-8E07-6643EA5C517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.335:*:*:*:*:*:*:*",
"matchCriteriaId": "70D4DF46-F517-49E8-A5B6-249BB7521BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.336:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2C2679-64FD-44AE-9CB3-92782479DDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.337:*:*:*:*:*:*:*",
"matchCriteriaId": "DC505A92-0F66-46D4-9C44-6155E0F7E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.338:*:*:*:*:*:*:*",
"matchCriteriaId": "20855A6B-4077-4F82-AA85-CE71EC69013D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.339:*:*:*:*:*:*:*",
"matchCriteriaId": "31BEE7AA-170A-40FE-B1C6-21DF1E2C7454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.340:*:*:*:*:*:*:*",
"matchCriteriaId": "13278498-E182-49C0-A278-429E4C58546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.341:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4B5330-C1C6-40A4-B854-4805908F874D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.342:*:*:*:*:*:*:*",
"matchCriteriaId": "8A40DD43-A2D2-4774-8ECB-84B5DB789AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.343:*:*:*:*:*:*:*",
"matchCriteriaId": "21B24593-9474-42B1-8082-B87EBD995B88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.344:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9DDD2-3E57-4BCC-A77C-E7A18335CB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.345:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1D4C94-5934-47D0-92A6-0256604CCEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.346:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2A70DD-87CB-4E75-88EB-1C89307E4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.347:*:*:*:*:*:*:*",
"matchCriteriaId": "5901D776-C8C3-44ED-BBA1-0D79B7B0C9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.348:*:*:*:*:*:*:*",
"matchCriteriaId": "AA03F3DE-7F9F-4D08-8331-7CF4EAF5A5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.349:*:*:*:*:*:*:*",
"matchCriteriaId": "78B88B29-B45F-4A41-AC2B-A6E37E6F7A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.350:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B2810A-5230-4C0B-A575-52AA8292EDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.351:*:*:*:*:*:*:*",
"matchCriteriaId": "100C8710-3F38-4A2D-B09D-69E7C09A0212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.352:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE44584-DAED-4287-BACA-7932A0137AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.353:*:*:*:*:*:*:*",
"matchCriteriaId": "740DCB6B-7CB9-4373-97A1-CA02C72C5C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.354:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2BF720-A5AD-4B77-A23E-078E06634830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.355:*:*:*:*:*:*:*",
"matchCriteriaId": "968EED5F-4FA6-4972-85C7-7ACA5CC51E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.356:*:*:*:*:*:*:*",
"matchCriteriaId": "46E94DD4-B599-4F4B-B5F9-2D1D61C4CFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.357:*:*:*:*:*:*:*",
"matchCriteriaId": "D4753F4C-8540-4231-914E-C4CBBFAB1118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.358:*:*:*:*:*:*:*",
"matchCriteriaId": "5B884FA0-4A80-404E-BE63-9074FF95C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.359:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC2276-FC22-4D5B-8573-4863C23C3CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.360:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6368F6-1E43-4502-87A2-F454F6B258E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.361:*:*:*:*:*:*:*",
"matchCriteriaId": "19874F4A-F2D4-44E2-B900-E4D98643593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.362:*:*:*:*:*:*:*",
"matchCriteriaId": "AE610345-468A-46EE-9033-CF1D327F3696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.363:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F0C2F0-7CC2-4D7B-85AB-C495105AF05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.364:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD26E56-86F2-4ACA-A19F-7B989BA2EC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.365:*:*:*:*:*:*:*",
"matchCriteriaId": "45DCFEED-D677-4F73-9D80-2F96076D6378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.366:*:*:*:*:*:*:*",
"matchCriteriaId": "022775A4-F95C-48A8-90CD-67AB5F653A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.367:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDA38C3-B629-4510-9B4A-1696D96D0CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.368:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4E2793-8654-43D7-8B3B-649E349EA519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.369:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4E4732-ED35-4BBC-A6FB-2567697DC902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.370:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE26A4B-1F83-430E-B0DC-8F11D239E86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.371:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3955BA-0795-4C5B-BDA6-B6F1B6AE9769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.372:*:*:*:*:*:*:*",
"matchCriteriaId": "D40B558E-7206-4D6A-8B47-6C5FDCDC9DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.373:*:*:*:*:*:*:*",
"matchCriteriaId": "2261A96C-8D00-4829-9B54-2EA0360B4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.374:*:*:*:*:*:*:*",
"matchCriteriaId": "C548E3A0-4B28-4B9C-AFD0-9ACD0B612870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.375:*:*:*:*:*:*:*",
"matchCriteriaId": "8726B250-77F8-44C0-B982-706F4F4A1F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.376:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8D81D1-DAAF-4A87-8A05-1085809EB8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.377:*:*:*:*:*:*:*",
"matchCriteriaId": "540FCCD6-EEED-4781-A7E2-2656BDAFAA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.378:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF3ECC1-3ECA-48FC-95EC-053C9181A00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.379:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E7CFEA-D892-49D0-A93F-44893DDEE352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.380:*:*:*:*:*:*:*",
"matchCriteriaId": "08615FFC-55A3-49CF-824A-AAA4613EE01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.382:*:*:*:*:*:*:*",
"matchCriteriaId": "667E95CA-935E-4911-AF5F-0B57A5657DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.383:*:*:*:*:*:*:*",
"matchCriteriaId": "85D3BB26-3640-48DF-8E04-F2D6A0DA3969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.384:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7D1A99-15F6-4D26-964E-3750E58600A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.386:*:*:*:*:*:*:*",
"matchCriteriaId": "CFDD62E4-A364-4885-BDE4-F68C68A0D338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.387:*:*:*:*:*:*:*",
"matchCriteriaId": "A78A0DE8-A6CC-4A6A-B55D-B6F23085156B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.388:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3ED3E0-6EB4-4BAF-B49D-EB362DED9D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.389:*:*:*:*:*:*:*",
"matchCriteriaId": "0105E476-9714-4055-BA23-BE70A6CE6226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.390:*:*:*:*:*:*:*",
"matchCriteriaId": "730F6D2A-8CCD-4520-B63E-676281B8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.391:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF0E22-94F7-4999-AB3A-858AEDAD3A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.392:*:*:*:*:*:*:*",
"matchCriteriaId": "8628CA5B-39FD-4339-8B33-02C3B4C5F77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.393:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2F0C3A-E4A6-4F27-99F3-964415975338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CAD8E0-7DF0-4EC7-8922-D9D142A722C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.395:*:*:*:*:*:*:*",
"matchCriteriaId": "57CDFD8A-B3D4-4696-9D61-A500CBA247D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "DC77B202-B07D-4FD6-A41C-F77E32401CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.397:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5EDC0-9275-413A-9BBD-15FF7030C51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.398:*:*:*:*:*:*:*",
"matchCriteriaId": "2C606F69-1DC4-4D1E-9979-7AE49176AA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.399:*:*:*:*:*:*:*",
"matchCriteriaId": "9E66E35B-273B-405D-BA2E-C6DE33C67DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "5E323327-2AC7-4C67-B6A1-2557DFFD3EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "66D02C83-4B93-4D42-B2E7-E2D3EE758408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "5ED83C83-2778-43FE-85CE-08964B55DA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.5:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "2AF7257B-8EAD-4A82-B7DE-E54BDF4FC1A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:*:lts:*:*:*:*:*",
"matchCriteriaId": "489F75E1-0A84-44AC-9C87-842D596CF2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:lts:*:*:*:*:*",
"matchCriteriaId": "BD126D1C-320E-47D1-8D67-D14DB619D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anteriores a 1.424.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0324."
}
],
"id": "CVE-2012-0325",
"lastModified": "2024-11-21T01:34:48.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-09T11:55:01.083",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52384"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-10 20:29
Modified
2024-11-21 01:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "9DEB754D-6FB5-4C18-9849-601376B8389E",
"versionEndExcluding": "1.509.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5AEA82-4DE5-40EB-8753-05F35B8A25E5",
"versionEndExcluding": "1.514",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9A4DCD6B-B849-423C-A13E-8DCA5DA4708D",
"versionEndExcluding": "1.466.14.1",
"versionStartIncluding": "1.466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4375BEE9-8D59-4177-86BD-75515A639EB8",
"versionEndExcluding": "1.480.4.1",
"versionStartIncluding": "1.480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permite a usuarios remotos autenticados con permisos de escritura inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2033",
"lastModified": "2024-11-21T01:50:54.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-10T20:29:20.127",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/92982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"source": "secalert@redhat.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/92982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "5E323327-2AC7-4C67-B6A1-2557DFFD3EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "66D02C83-4B93-4D42-B2E7-E2D3EE758408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "5ED83C83-2778-43FE-85CE-08964B55DA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.5:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "2AF7257B-8EAD-4A82-B7DE-E54BDF4FC1A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:*:lts:*:*:*:*:*",
"matchCriteriaId": "489F75E1-0A84-44AC-9C87-842D596CF2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:lts:*:*:*:*:*",
"matchCriteriaId": "BD126D1C-320E-47D1-8D67-D14DB619D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6B801C-8792-4DFC-9301-A3D961CFEA3C",
"versionEndIncluding": "1.453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.301:*:*:*:*:*:*:*",
"matchCriteriaId": "2A974CAC-96BB-4C59-A8DF-5857CCBB4266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.302:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADE6814-F35D-4689-93B7-039BD2997361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.303:*:*:*:*:*:*:*",
"matchCriteriaId": "8D82D77F-5AE9-41A7-8C40-B3D12E776BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.304:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8BF58E-ABFC-4FD8-A2D6-81D38F3A14D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.305:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7D46F-4C03-4ADE-9B92-DC0BFCC8CEE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.306:*:*:*:*:*:*:*",
"matchCriteriaId": "69D16508-4113-4290-89F2-4D29C4C0791A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.307:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7555D3-3148-41E9-960E-E05097398263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.308:*:*:*:*:*:*:*",
"matchCriteriaId": "67F5A8B8-5D00-4F59-A55F-C446F0ABDB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.309:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC252CA-680D-4024-8B9A-E45270F94BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.310:*:*:*:*:*:*:*",
"matchCriteriaId": "CD13972D-8E93-4B4D-A614-E6B93CE6C291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.311:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A0D529-94B1-4923-8169-58B0286AD60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.312:*:*:*:*:*:*:*",
"matchCriteriaId": "144AADB9-9195-48FB-94B4-4E509BDBEDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.313:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B769C-0FF3-47F5-A869-AB5ABF6C0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.314:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DB70CF-C7CF-4EF1-B0B2-B706693B87AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.315:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC47725-86E5-4DAE-8EA2-720515E5A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.316:*:*:*:*:*:*:*",
"matchCriteriaId": "605882F7-9C63-4CAE-9C30-79C002D338A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.317:*:*:*:*:*:*:*",
"matchCriteriaId": "14985B0D-2361-4EF3-A729-188041BC5AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.318:*:*:*:*:*:*:*",
"matchCriteriaId": "421E9899-5378-47BF-B8DA-71204607AE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.319:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0F0706-6391-4FB4-B066-2031E285F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.320:*:*:*:*:*:*:*",
"matchCriteriaId": "79104118-EE32-4C58-95CB-73114A24DBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.321:*:*:*:*:*:*:*",
"matchCriteriaId": "D9414894-9E05-4FF5-9D31-A6A543B70509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.322:*:*:*:*:*:*:*",
"matchCriteriaId": "012622A1-91DF-47F3-AD35-45CE4C23A680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.323:*:*:*:*:*:*:*",
"matchCriteriaId": "48FEE98A-E452-43F2-A303-B77CAE48D138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.324:*:*:*:*:*:*:*",
"matchCriteriaId": "40AF0791-082E-4E76-9477-1A87D35AE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.325:*:*:*:*:*:*:*",
"matchCriteriaId": "850A3BBB-3615-4478-84C5-32F469AD3902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.326:*:*:*:*:*:*:*",
"matchCriteriaId": "BF052573-48C6-4449-972F-5800A22FDCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.327:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFD19AF-F380-4F72-9D61-625586978F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.328:*:*:*:*:*:*:*",
"matchCriteriaId": "45ABF840-E762-4C8B-871C-9EAE6298378D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.329:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0DD5E5-DC8D-42A9-9953-CDD7184DF26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.330:*:*:*:*:*:*:*",
"matchCriteriaId": "A62A2715-BFEB-4293-B74C-AB50652EC8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.331:*:*:*:*:*:*:*",
"matchCriteriaId": "62149AF1-4494-4C8D-95B8-259BDB65651B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.332:*:*:*:*:*:*:*",
"matchCriteriaId": "2D291778-32A9-4E1D-B00A-BFF03F84008B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.333:*:*:*:*:*:*:*",
"matchCriteriaId": "3762FEDF-CD8B-4D71-8A44-54624A81BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.334:*:*:*:*:*:*:*",
"matchCriteriaId": "12D2846B-577A-4E17-8E07-6643EA5C517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.335:*:*:*:*:*:*:*",
"matchCriteriaId": "70D4DF46-F517-49E8-A5B6-249BB7521BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.336:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2C2679-64FD-44AE-9CB3-92782479DDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.337:*:*:*:*:*:*:*",
"matchCriteriaId": "DC505A92-0F66-46D4-9C44-6155E0F7E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.338:*:*:*:*:*:*:*",
"matchCriteriaId": "20855A6B-4077-4F82-AA85-CE71EC69013D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.339:*:*:*:*:*:*:*",
"matchCriteriaId": "31BEE7AA-170A-40FE-B1C6-21DF1E2C7454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.340:*:*:*:*:*:*:*",
"matchCriteriaId": "13278498-E182-49C0-A278-429E4C58546F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.341:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4B5330-C1C6-40A4-B854-4805908F874D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.342:*:*:*:*:*:*:*",
"matchCriteriaId": "8A40DD43-A2D2-4774-8ECB-84B5DB789AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.343:*:*:*:*:*:*:*",
"matchCriteriaId": "21B24593-9474-42B1-8082-B87EBD995B88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.344:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9DDD2-3E57-4BCC-A77C-E7A18335CB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.345:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1D4C94-5934-47D0-92A6-0256604CCEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.346:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2A70DD-87CB-4E75-88EB-1C89307E4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.347:*:*:*:*:*:*:*",
"matchCriteriaId": "5901D776-C8C3-44ED-BBA1-0D79B7B0C9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.348:*:*:*:*:*:*:*",
"matchCriteriaId": "AA03F3DE-7F9F-4D08-8331-7CF4EAF5A5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.349:*:*:*:*:*:*:*",
"matchCriteriaId": "78B88B29-B45F-4A41-AC2B-A6E37E6F7A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.350:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B2810A-5230-4C0B-A575-52AA8292EDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.351:*:*:*:*:*:*:*",
"matchCriteriaId": "100C8710-3F38-4A2D-B09D-69E7C09A0212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.352:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE44584-DAED-4287-BACA-7932A0137AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.353:*:*:*:*:*:*:*",
"matchCriteriaId": "740DCB6B-7CB9-4373-97A1-CA02C72C5C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.354:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2BF720-A5AD-4B77-A23E-078E06634830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.355:*:*:*:*:*:*:*",
"matchCriteriaId": "968EED5F-4FA6-4972-85C7-7ACA5CC51E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.356:*:*:*:*:*:*:*",
"matchCriteriaId": "46E94DD4-B599-4F4B-B5F9-2D1D61C4CFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.357:*:*:*:*:*:*:*",
"matchCriteriaId": "D4753F4C-8540-4231-914E-C4CBBFAB1118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.358:*:*:*:*:*:*:*",
"matchCriteriaId": "5B884FA0-4A80-404E-BE63-9074FF95C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.359:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC2276-FC22-4D5B-8573-4863C23C3CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.360:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6368F6-1E43-4502-87A2-F454F6B258E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.361:*:*:*:*:*:*:*",
"matchCriteriaId": "19874F4A-F2D4-44E2-B900-E4D98643593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.362:*:*:*:*:*:*:*",
"matchCriteriaId": "AE610345-468A-46EE-9033-CF1D327F3696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.363:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F0C2F0-7CC2-4D7B-85AB-C495105AF05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.364:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD26E56-86F2-4ACA-A19F-7B989BA2EC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.365:*:*:*:*:*:*:*",
"matchCriteriaId": "45DCFEED-D677-4F73-9D80-2F96076D6378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.366:*:*:*:*:*:*:*",
"matchCriteriaId": "022775A4-F95C-48A8-90CD-67AB5F653A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.367:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDA38C3-B629-4510-9B4A-1696D96D0CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.368:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4E2793-8654-43D7-8B3B-649E349EA519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.369:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4E4732-ED35-4BBC-A6FB-2567697DC902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.370:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE26A4B-1F83-430E-B0DC-8F11D239E86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.371:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3955BA-0795-4C5B-BDA6-B6F1B6AE9769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.372:*:*:*:*:*:*:*",
"matchCriteriaId": "D40B558E-7206-4D6A-8B47-6C5FDCDC9DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.373:*:*:*:*:*:*:*",
"matchCriteriaId": "2261A96C-8D00-4829-9B54-2EA0360B4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.374:*:*:*:*:*:*:*",
"matchCriteriaId": "C548E3A0-4B28-4B9C-AFD0-9ACD0B612870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.375:*:*:*:*:*:*:*",
"matchCriteriaId": "8726B250-77F8-44C0-B982-706F4F4A1F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.376:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8D81D1-DAAF-4A87-8A05-1085809EB8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.377:*:*:*:*:*:*:*",
"matchCriteriaId": "540FCCD6-EEED-4781-A7E2-2656BDAFAA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.378:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF3ECC1-3ECA-48FC-95EC-053C9181A00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.379:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E7CFEA-D892-49D0-A93F-44893DDEE352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.380:*:*:*:*:*:*:*",
"matchCriteriaId": "08615FFC-55A3-49CF-824A-AAA4613EE01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.382:*:*:*:*:*:*:*",
"matchCriteriaId": "667E95CA-935E-4911-AF5F-0B57A5657DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.383:*:*:*:*:*:*:*",
"matchCriteriaId": "85D3BB26-3640-48DF-8E04-F2D6A0DA3969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.384:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7D1A99-15F6-4D26-964E-3750E58600A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.386:*:*:*:*:*:*:*",
"matchCriteriaId": "CFDD62E4-A364-4885-BDE4-F68C68A0D338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.387:*:*:*:*:*:*:*",
"matchCriteriaId": "A78A0DE8-A6CC-4A6A-B55D-B6F23085156B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.388:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3ED3E0-6EB4-4BAF-B49D-EB362DED9D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.389:*:*:*:*:*:*:*",
"matchCriteriaId": "0105E476-9714-4055-BA23-BE70A6CE6226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.390:*:*:*:*:*:*:*",
"matchCriteriaId": "730F6D2A-8CCD-4520-B63E-676281B8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.391:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF0E22-94F7-4999-AB3A-858AEDAD3A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.392:*:*:*:*:*:*:*",
"matchCriteriaId": "8628CA5B-39FD-4339-8B33-02C3B4C5F77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.393:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2F0C3A-E4A6-4F27-99F3-964415975338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CAD8E0-7DF0-4EC7-8922-D9D142A722C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.395:*:*:*:*:*:*:*",
"matchCriteriaId": "57CDFD8A-B3D4-4696-9D61-A500CBA247D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "DC77B202-B07D-4FD6-A41C-F77E32401CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.397:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5EDC0-9275-413A-9BBD-15FF7030C51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.398:*:*:*:*:*:*:*",
"matchCriteriaId": "2C606F69-1DC4-4D1E-9979-7AE49176AA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.399:*:*:*:*:*:*:*",
"matchCriteriaId": "9E66E35B-273B-405D-BA2E-C6DE33C67DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anteriores a 1.424.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0325."
}
],
"id": "CVE-2012-0324",
"lastModified": "2024-11-21T01:34:48.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-09T11:55:01.053",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN14791558/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52384"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-24 17:15
Modified
2024-11-21 01:35
Severity ?
Summary
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A2BD5920-1705-491C-B23A-AD4929B0902F",
"versionEndExcluding": "1.400.0.11",
"versionStartIncluding": "1.400.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6EFD9076-D5DE-45D3-A8B7-6F30FD144D22",
"versionEndExcluding": "1.424.2.1",
"versionStartIncluding": "1.424.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5173CE5-0232-424F-ACB6-DF2F3A42C293",
"versionEndExcluding": "1.424.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A27C3A8-57F9-4D0B-A027-F035641F1AB1",
"versionEndExcluding": "1.447",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\""
},
{
"lang": "es",
"value": "Una vulnerabilidad de ataque de colisi\u00f3n de hash en Jenkins versiones anteriores a 1.447, Jenkins LTS versiones anteriores a 1.424.2 y Jenkins Enterprise de CloudBees versiones 1.424.x anteriores a 1.424.2.1 y versiones 1.400.x anteriores a 1.400.0.11, podr\u00eda permitir a atacantes remotos causar una carga de la CPU considerable, tambi\u00e9n se conoce como \"the Hash DoS attack\"."
}
],
"id": "CVE-2012-0785",
"lastModified": "2024-11-21T01:35:43.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-24T17:15:13.590",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://access.redhat.com/security/cve/cve-2012-0785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jenkins.io/security/advisory/2012-01-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "64DC99F9-DA01-4A7B-9AB6-8CCBEB1C0E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "894B96E5-3B3C-4D0E-8BED-5911A2AA2D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "54BF2C2C-C920-41B7-A938-DA6CFADCEC3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*",
"matchCriteriaId": "65C51F95-07E8-4F9F-B0D9-D5E5360F17F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*",
"matchCriteriaId": "E3A59F7E-1D1C-4E78-8CCC-4C05CBC6DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*",
"matchCriteriaId": "830BA953-FE5C-457F-9CD5-8DAB70C54CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E9DD9A-E695-4F26-9790-D41D6C265CA7",
"versionEndIncluding": "1.466.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA024CA-1D9C-44B8-88B8-3663691B6EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B759C60-B2D2-4C0C-89C2-6A089982C945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E73C86A-5AC5-4D9D-9F5C-BDF5F06C45B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F09B4E-DD5B-477C-9547-7C2D8039BCD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744A5B4A-7B8E-40FE-9FE2-C935822FC65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF148AFF-8AF1-43B8-B184-CAC0436F86AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB21AA0-964A-4F69-8570-1742A5E6DA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9517BF55-D76E-4A2B-A439-E43AC11B5C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0693E3B0-678C-4029-9A3F-64128D631571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76F21028-9881-4669-B367-E9B35AC7601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59D9137C-C8DD-47A2-8D7F-318BAADA2A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC602437-C693-4555-A4DA-A061BAF3E2F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D47B599-AD9E-4CC7-99B0-5BBCE21FE12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1A64AD04-F3A7-493D-9092-D44203390ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "1008C47A-B18E-4888-A8D0-5E3BAE4406C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "9103E105-898E-49CB-AAEE-A01948678537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "46ACF9F0-E9B9-4BAC-A351-470E8B102737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "FDC2EC22-7A4F-492F-9723-386B238CAA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "EF8269EF-2E74-4B21-ADFD-8AECD2383176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "713EEE59-CAE4-4E35-9E56-31BFB6311640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D692CD-0DD7-4777-AE59-13CB723BCC2D",
"versionEndIncluding": "1.480.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F7CBDA-3667-4BC3-84DD-1544621A085B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FC15F-E309-49D5-AE5D-9A7B2D14E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*",
"matchCriteriaId": "79096D36-805A-4A51-807D-D8ADD539E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*",
"matchCriteriaId": "8C784E41-2F84-43DD-8CB5-BF351885248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*",
"matchCriteriaId": "34A76EBB-2ECB-403F-B56D-C39E6119435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*",
"matchCriteriaId": "5D429FE3-D808-4625-BD44-703D2E87EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE7E602-AD1A-4547-A3AC-C9F8B94EAF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8B008A-76C7-495A-B8A6-25BA19E37C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*",
"matchCriteriaId": "CD609494-12EA-40AC-8EA7-30E9454BF533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA4168-E3B3-42A1-90BC-66D6ADA1A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*",
"matchCriteriaId": "1657F755-942D-4F6F-A55A-F0633BD14547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "E2231A9B-4E1F-4077-8B3F-C7FDAE73475D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF9A1C7-7C53-46BC-B433-34FE9A11C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*",
"matchCriteriaId": "CA19A7DF-A800-4664-B799-1FCBA8D63788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1F843B-56CD-4A67-92C3-AC4957221D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*",
"matchCriteriaId": "C53EC41A-13ED-432C-9240-FA429E85B1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF2C98-D4A5-4004-BD39-6400531FF7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*",
"matchCriteriaId": "E357EACF-210E-433F-81F1-659A4F3352B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD8EE26-DB37-49FC-B8D6-7D56FA249D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2808D7-72FD-4EB7-9459-21F611509305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*",
"matchCriteriaId": "891AAB03-DA45-4AB3-B0F4-01FCD4E545C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D4E1B-82CC-490B-AF4D-52EAC7DF85CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C29A7-1226-4179-9275-20C98D649631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*",
"matchCriteriaId": "8924363E-3C74-4AE6-9CAB-74FF38E16457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DF595E-17B5-4DDF-A875-B650AA789F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F76FBA-5E35-4A3D-85E6-9778982B246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*",
"matchCriteriaId": "E15232BB-090A-448C-BD50-92C97984CC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4A0247-3C79-4F78-A086-877B5C5E1252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA375A6-68B4-49D0-BDD0-E7FB0276C9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*",
"matchCriteriaId": "09D44683-47F1-4E7A-8B63-F2932836CD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*",
"matchCriteriaId": "0523F7C0-BCA4-4A75-BA83-0E0BEEED279A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*",
"matchCriteriaId": "A52383BB-66BF-4C87-9DA5-B278DD32CA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*",
"matchCriteriaId": "359CC43E-9ADC-4270-A015-0D1CD6D98B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*",
"matchCriteriaId": "2968A12D-7CAF-4D8B-8E88-28204EA284FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*",
"matchCriteriaId": "17E95B6C-05F4-46A0-B36F-7F6A52B848F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CAF85B-B825-4B7A-ACF9-A52E1E930592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*",
"matchCriteriaId": "75416939-96FB-4970-AB14-4374F3B80504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*",
"matchCriteriaId": "6B78DF52-88A5-49A9-B705-16B42A9039C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "26046DC7-335B-4E29-86F3-A2077AD32AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "C5D05B3A-8709-4061-810E-656B6D5BDAED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6073",
"lastModified": "2024-11-21T01:45:45.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-24T22:55:01.143",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=890608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
jvndb-2012-000023
Vulnerability from jvndb
Published
2012-03-09 14:35
Modified
2012-03-09 14:35
Summary
Jenkins vulnerable to cross-site scripting
Details
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool.
Note that this vulnerability is different from JVN#14791558.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000023.html",
"dc:date": "2012-03-09T14:35+09:00",
"dcterms:issued": "2012-03-09T14:35+09:00",
"dcterms:modified": "2012-03-09T14:35+09:00",
"description": "Jenkins contains a cross-site scripting vulnerability.\r\n\r\nJenkins is a continuous integration (CI) tool. \r\n\r\nNote that this vulnerability is different from JVN#14791558.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cloudbees:jenkins",
"@product": "Jenkins",
"@vendor": "CloudBees",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000023",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79950061/index.html",
"@id": "JVN#79950061",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0325",
"@id": "CVE-2012-0325",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0325",
"@id": "CVE-2012-0325",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Jenkins vulnerable to cross-site scripting"
}
jvndb-2012-000022
Vulnerability from jvndb
Published
2012-03-09 14:28
Modified
2012-03-09 14:28
Summary
Jenkins vulnerable to cross-site scripting
Details
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#79950061.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000022.html",
"dc:date": "2012-03-09T14:28+09:00",
"dcterms:issued": "2012-03-09T14:28+09:00",
"dcterms:modified": "2012-03-09T14:28+09:00",
"description": "Jenkins contains a cross-site scripting vulnerability.\r\n\r\nJenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#79950061.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cloudbees:jenkins",
"@product": "Jenkins",
"@vendor": "CloudBees",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14791558/index.html",
"@id": "JVN#14791558",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0324",
"@id": "CVE-2012-0324",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0324",
"@id": "CVE-2012-0324",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Jenkins vulnerable to cross-site scripting"
}