Lucene search

[email protected]NVD:CVE-2012-6073

HistoryFeb 24, 2013 - 10:55 p.m.

CVE-2012-6073

2013-02-2422:55:01

CWE-20

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

NVD

Node

cloudbeesjenkinsMatch1.447.1.1-enterprise

cloudbeesjenkinsMatch1.447.2.2-enterprise

cloudbeesjenkinsMatch1.447.3.1-enterprise

Node

cloudbeesjenkinsMatch1.400-lts

cloudbeesjenkinsMatch1.424-lts

cloudbeesjenkinsMatch1.447-lts

jenkinsjenkinsRange≤1.466.2

jenkinsjenkinsMatch1.409.1

jenkinsjenkinsMatch1.409.2

jenkinsjenkinsMatch1.409.3

jenkinsjenkinsMatch1.424.1

jenkinsjenkinsMatch1.424.2

jenkinsjenkinsMatch1.424.3

jenkinsjenkinsMatch1.424.4

jenkinsjenkinsMatch1.424.5

jenkinsjenkinsMatch1.424.6

jenkinsjenkinsMatch1.447.1

jenkinsjenkinsMatch1.447.2

jenkinsjenkinsMatch1.466.1

Node

cloudbeesjenkinsMatch1.424.0.2-enterprise

cloudbeesjenkinsMatch1.424.0.4-enterprise

cloudbeesjenkinsMatch1.424.1.1-enterprise

cloudbeesjenkinsMatch1.424.2.1-enterprise

cloudbeesjenkinsMatch1.424.4.1-enterprise

cloudbeesjenkinsMatch1.424.5.1-enterprise

cloudbeesjenkinsMatch1.424.6.1-enterprise

cloudbeesjenkinsMatch1.424.6.11-enterprise

Node

cloudbeesjenkinsRange≤1.480.3.1

jenkinsjenkinsMatch1.400

jenkinsjenkinsMatch1.401

jenkinsjenkinsMatch1.402

jenkinsjenkinsMatch1.403

jenkinsjenkinsMatch1.404

jenkinsjenkinsMatch1.405

jenkinsjenkinsMatch1.406

jenkinsjenkinsMatch1.407

jenkinsjenkinsMatch1.408

jenkinsjenkinsMatch1.409

jenkinsjenkinsMatch1.410

jenkinsjenkinsMatch1.411

jenkinsjenkinsMatch1.412

jenkinsjenkinsMatch1.413

jenkinsjenkinsMatch1.414

jenkinsjenkinsMatch1.415

jenkinsjenkinsMatch1.416

jenkinsjenkinsMatch1.417

jenkinsjenkinsMatch1.418

jenkinsjenkinsMatch1.419

jenkinsjenkinsMatch1.420

jenkinsjenkinsMatch1.421

jenkinsjenkinsMatch1.422

jenkinsjenkinsMatch1.423

jenkinsjenkinsMatch1.424

jenkinsjenkinsMatch1.425

jenkinsjenkinsMatch1.426

jenkinsjenkinsMatch1.427

jenkinsjenkinsMatch1.428

jenkinsjenkinsMatch1.429

jenkinsjenkinsMatch1.430

jenkinsjenkinsMatch1.431

jenkinsjenkinsMatch1.432

jenkinsjenkinsMatch1.433

jenkinsjenkinsMatch1.434

jenkinsjenkinsMatch1.435

jenkinsjenkinsMatch1.436

jenkinsjenkinsMatch1.437

Node

cloudbeesjenkinsMatch1.466.1.2-enterprise

cloudbeesjenkinsMatch1.466.2.1-enterprise

References

rhn.redhat.com/errata/RHSA-2013-0220.html

www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

www.openwall.com/lists/oss-security/2012/12/28/1

bugzilla.redhat.com/show_bug.cgi?id=890608

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for NVD:CVE-2012-6073

prion1 ubuntucve1 cvelist1 cve1 nessus1 veracode5 redhat1