Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 3.5
CVE Id: CVE-2012-6074
Last Modified: 26 Feb 2013 12:00:00
Published: 24 Feb 2013 05:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-6074

Summary

Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Cloudbees Jenkins 1.400

  • Cloudbees Jenkins 1.401

  • Cloudbees Jenkins 1.402

  • Cloudbees Jenkins 1.403

  • Cloudbees Jenkins 1.404

  • Cloudbees Jenkins 1.405

  • Cloudbees Jenkins 1.406

  • Cloudbees Jenkins 1.407

  • Cloudbees Jenkins 1.408

  • Cloudbees Jenkins 1.409

  • Cloudbees Jenkins 1.409.1

  • Cloudbees Jenkins 1.409.2

  • Cloudbees Jenkins 1.409.3

  • Cloudbees Jenkins 1.410

  • Cloudbees Jenkins 1.411

  • Cloudbees Jenkins 1.412

  • Cloudbees Jenkins 1.413

  • Cloudbees Jenkins 1.414

  • Cloudbees Jenkins 1.415

  • Cloudbees Jenkins 1.416

  • Cloudbees Jenkins 1.417

  • Cloudbees Jenkins 1.418

  • Cloudbees Jenkins 1.419

  • Cloudbees Jenkins 1.420

  • Cloudbees Jenkins 1.421

  • Cloudbees Jenkins 1.422

  • Cloudbees Jenkins 1.423

  • Cloudbees Jenkins 1.424

  • Cloudbees Jenkins 1.424.0.2

  • Cloudbees Jenkins 1.424.0.4

  • Cloudbees Jenkins 1.424.1

  • Cloudbees Jenkins 1.424.1.1

  • Cloudbees Jenkins 1.424.2

  • Cloudbees Jenkins 1.424.2.1

  • Cloudbees Jenkins 1.424.3

  • Cloudbees Jenkins 1.424.4

  • Cloudbees Jenkins 1.424.4.1

  • Cloudbees Jenkins 1.424.5

  • Cloudbees Jenkins 1.424.5.1

  • Cloudbees Jenkins 1.424.6

  • Cloudbees Jenkins 1.424.6.1

  • Cloudbees Jenkins 1.424.6.11

  • Cloudbees Jenkins 1.425

  • Cloudbees Jenkins 1.426

  • Cloudbees Jenkins 1.427

  • Cloudbees Jenkins 1.428

  • Cloudbees Jenkins 1.429

  • Cloudbees Jenkins 1.430

  • Cloudbees Jenkins 1.431

  • Cloudbees Jenkins 1.432

  • Cloudbees Jenkins 1.433

  • Cloudbees Jenkins 1.434

  • Cloudbees Jenkins 1.435

  • Cloudbees Jenkins 1.436

  • Cloudbees Jenkins 1.437

  • Cloudbees Jenkins 1.447

  • Cloudbees Jenkins 1.447.1

  • Cloudbees Jenkins 1.447.1.1

  • Cloudbees Jenkins 1.447.2

  • Cloudbees Jenkins 1.447.2.2

  • Cloudbees Jenkins 1.447.3.1

  • Cloudbees Jenkins 1.466.1

  • Cloudbees Jenkins 1.466.1.2

  • Cloudbees Jenkins 1.466.2

  • Cloudbees Jenkins 1.466.2.1

  • Cloudbees Jenkins 1.480.3.1


References

CONFIRM - https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=890612

MLIST - [oss-security] 20121227 Re: CVE request: Jenkins

CONFIRM - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

REDHAT - RHSA-2013:0220


Last Updated: 27 May 2016 11:01:56