CVE-2013-6372

Severity

21%

Complexity

39%

Confidentiality

48%

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

jenkins-ci subversion-plugin

First reported 10 years ago

2014-05-08 14:29:00

Last updated 10 years ago

2014-05-09 14:24:00

Affected Software

jenkins-ci subversion-plugin 1.0

1.0

jenkins-ci subversion-plugin 1.1

1.1

jenkins-ci subversion-plugin 1.2

1.2

jenkins-ci subversion-plugin 1.3

1.3

jenkins-ci subversion-plugin 1.4

1.4

jenkins-ci subversion-plugin 1.5

1.5

jenkins-ci subversion-plugin 1.6

1.6

jenkins-ci subversion-plugin 1.7

1.7

jenkins-ci subversion-plugin 1.8

1.8

jenkins-ci subversion-plugin 1.9

1.9

jenkins-ci subversion-plugin 1.10

1.10

jenkins-ci subversion-plugin 1.11

1.11

jenkins-ci subversion-plugin 1.12

1.12

jenkins-ci subversion-plugin 1.13

1.13

jenkins-ci subversion-plugin 1.14

1.14

jenkins-ci subversion-plugin 1.15

1.15

jenkins-ci subversion-plugin 1.16

1.16

jenkins-ci subversion-plugin 1.17

1.17

jenkins-ci subversion-plugin 1.18

1.18

jenkins-ci subversion-plugin 1.19

1.19

jenkins-ci subversion-plugin 1.20

1.20

jenkins-ci subversion-plugin 1.21

1.21

jenkins-ci subversion-plugin 1.22

1.22

jenkins-ci subversion-plugin 1.23

1.23

jenkins-ci subversion-plugin 1.24

1.24

jenkins-ci subversion-plugin 1.25

1.25

jenkins-ci subversion-plugin 1.26

1.26

jenkins-ci subversion-plugin 1.27

1.27

jenkins-ci subversion-plugin 1.28

1.28

jenkins-ci subversion-plugin 1.29

1.29

jenkins-ci subversion-plugin 1.30

1.30

jenkins-ci subversion-plugin 1.31

1.31

jenkins-ci subversion-plugin 1.32

1.32

jenkins-ci subversion-plugin 1.33

1.33

jenkins-ci subversion-plugin 1.34

1.34

jenkins-ci subversion-plugin 1.35

1.35

jenkins-ci subversion-plugin 1.36

1.36

jenkins-ci subversion-plugin 1.37

1.37

jenkins-ci subversion-plugin 1.38

1.38

jenkins-ci subversion-plugin 1.39

1.39

jenkins-ci subversion-plugin 1.40

1.40

jenkins-ci subversion-plugin 1.41

1.41

jenkins-ci subversion-plugin 1.42

1.42

jenkins-ci subversion-plugin 1.43

1.43

jenkins-ci subversion-plugin 1.44

1.44

jenkins-ci subversion-plugin 1.45

1.45

jenkins-ci subversion-plugin 1.46

1.46

jenkins-ci subversion-plugin 1.47

1.47

jenkins-ci subversion-plugin 1.48

1.48

jenkins-ci subversion-plugin 1.49

1.49

jenkins-ci subversion-plugin 1.50

1.50

jenkins-ci subversion-plugin 1.51

1.51

jenkins-ci subversion-plugin 1.52

1.52

References

https://bugzilla.redhat.com/show_bug.cgi?id=1032391

https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6

Exploit, Patch

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.