Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-6073
Last Modified: 25 Feb 2013 12:00:00
Published: 24 Feb 2013 05:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-6073

Summary

Open redirect vulnerability in CloudBees Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Vulnerable Systems

Application

  • Cloudbees Jenkins 1.400

  • Cloudbees Jenkins 1.401

  • Cloudbees Jenkins 1.402

  • Cloudbees Jenkins 1.403

  • Cloudbees Jenkins 1.404

  • Cloudbees Jenkins 1.405

  • Cloudbees Jenkins 1.406

  • Cloudbees Jenkins 1.407

  • Cloudbees Jenkins 1.408

  • Cloudbees Jenkins 1.409

  • Cloudbees Jenkins 1.409.1

  • Cloudbees Jenkins 1.409.2

  • Cloudbees Jenkins 1.409.3

  • Cloudbees Jenkins 1.410

  • Cloudbees Jenkins 1.411

  • Cloudbees Jenkins 1.412

  • Cloudbees Jenkins 1.413

  • Cloudbees Jenkins 1.414

  • Cloudbees Jenkins 1.415

  • Cloudbees Jenkins 1.416

  • Cloudbees Jenkins 1.417

  • Cloudbees Jenkins 1.418

  • Cloudbees Jenkins 1.419

  • Cloudbees Jenkins 1.420

  • Cloudbees Jenkins 1.421

  • Cloudbees Jenkins 1.422

  • Cloudbees Jenkins 1.423

  • Cloudbees Jenkins 1.424

  • Cloudbees Jenkins 1.424.0.2

  • Cloudbees Jenkins 1.424.0.4

  • Cloudbees Jenkins 1.424.1

  • Cloudbees Jenkins 1.424.1.1

  • Cloudbees Jenkins 1.424.2

  • Cloudbees Jenkins 1.424.2.1

  • Cloudbees Jenkins 1.424.3

  • Cloudbees Jenkins 1.424.4

  • Cloudbees Jenkins 1.424.4.1

  • Cloudbees Jenkins 1.424.5

  • Cloudbees Jenkins 1.424.5.1

  • Cloudbees Jenkins 1.424.6

  • Cloudbees Jenkins 1.424.6.1

  • Cloudbees Jenkins 1.424.6.11

  • Cloudbees Jenkins 1.425

  • Cloudbees Jenkins 1.426

  • Cloudbees Jenkins 1.427

  • Cloudbees Jenkins 1.428

  • Cloudbees Jenkins 1.429

  • Cloudbees Jenkins 1.430

  • Cloudbees Jenkins 1.431

  • Cloudbees Jenkins 1.432

  • Cloudbees Jenkins 1.433

  • Cloudbees Jenkins 1.434

  • Cloudbees Jenkins 1.435

  • Cloudbees Jenkins 1.436

  • Cloudbees Jenkins 1.437

  • Cloudbees Jenkins 1.447

  • Cloudbees Jenkins 1.447.1

  • Cloudbees Jenkins 1.447.1.1

  • Cloudbees Jenkins 1.447.2

  • Cloudbees Jenkins 1.447.2.2

  • Cloudbees Jenkins 1.447.3.1

  • Cloudbees Jenkins 1.466.1

  • Cloudbees Jenkins 1.466.1.2

  • Cloudbees Jenkins 1.466.2

  • Cloudbees Jenkins 1.466.2.1

  • Cloudbees Jenkins 1.480.3.1


References

CONFIRM - https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=890608

MLIST - [oss-security] 20121227 Re: CVE request: Jenkins

CONFIRM - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

REDHAT - RHSA-2013:0220


Last Updated: 27 May 2016 11:01:56