CVE-2013-0158

Severity

26%

Complexity

49%

Confidentiality

48%

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N).

Overview

Type

Jenkins

First reported 11 years ago

2013-02-24 22:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Jenkins 1.400

1.400

Jenkins 1.401

1.401

Jenkins 1.402

1.402

Jenkins 1.403

1.403

Jenkins 1.404

1.404

Jenkins 1.405

1.405

Jenkins 1.406

1.406

Jenkins 1.407

1.407

Jenkins 1.408

1.408

Jenkins 1.409

1.409

Jenkins 1.410

1.410

Jenkins 1.411

1.411

Jenkins 1.412

1.412

Jenkins 1.413

1.413

Jenkins 1.414

1.414

Jenkins 1.415

1.415

Jenkins 1.416

1.416

Jenkins 1.417

1.417

Jenkins 1.418

1.418

Jenkins 1.419

1.419

Jenkins 1.420

1.420

Jenkins 1.421

1.421

Jenkins 1.422

1.422

Jenkins 1.423

1.423

Jenkins 1.424

1.424

Jenkins 1.425

1.425

Jenkins 1.426

1.426

Jenkins 1.427

1.427

Jenkins 1.428

1.428

Jenkins 1.429

1.429

Jenkins 1.430

1.430

Jenkins 1.431

1.431

Jenkins 1.432

1.432

Jenkins 1.433

1.433

Jenkins 1.434

1.434

Jenkins 1.435

1.435

Jenkins 1.436

1.436

Jenkins 1.437

1.437

CloudBees Jenkins 1.466.1.2 enterprise

1.466.1.2

CloudBees Jenkins 1.466.2.1 enterprise

1.466.2.1

Jenkins 1.409.1

1.409.1

CloudBees Jenkins 1.447.1.1 enterprise

1.447.1.1

CloudBees Jenkins 1.447.2.2 enterprise

1.447.2.2

CloudBees Jenkins 1.447.3.1 enterprise

1.447.3.1

References

RHSA-2013:0220

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb

Vendor Advisory

[oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=892795

https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04

https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5

https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602

https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd

https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.