Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2013-0158
Last Modified 26 Feb 2013 12:00:00
Published 24 Feb 2013 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-0158

Summary

Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Vulnerable Systems

Application

  • Cloudbees Jenkins 1.400

  • Cloudbees Jenkins 1.401

  • Cloudbees Jenkins 1.402

  • Cloudbees Jenkins 1.403

  • Cloudbees Jenkins 1.404

  • Cloudbees Jenkins 1.405

  • Cloudbees Jenkins 1.406

  • Cloudbees Jenkins 1.407

  • Cloudbees Jenkins 1.408

  • Cloudbees Jenkins 1.409

  • Cloudbees Jenkins 1.409.1

  • Cloudbees Jenkins 1.409.2

  • Cloudbees Jenkins 1.409.3

  • Cloudbees Jenkins 1.410

  • Cloudbees Jenkins 1.411

  • Cloudbees Jenkins 1.412

  • Cloudbees Jenkins 1.413

  • Cloudbees Jenkins 1.414

  • Cloudbees Jenkins 1.415

  • Cloudbees Jenkins 1.416

  • Cloudbees Jenkins 1.417

  • Cloudbees Jenkins 1.418

  • Cloudbees Jenkins 1.419

  • Cloudbees Jenkins 1.420

  • Cloudbees Jenkins 1.421

  • Cloudbees Jenkins 1.422

  • Cloudbees Jenkins 1.423

  • Cloudbees Jenkins 1.424

  • Cloudbees Jenkins 1.424.0.2

  • Cloudbees Jenkins 1.424.0.4

  • Cloudbees Jenkins 1.424.1

  • Cloudbees Jenkins 1.424.1.1

  • Cloudbees Jenkins 1.424.2

  • Cloudbees Jenkins 1.424.2.1

  • Cloudbees Jenkins 1.424.3

  • Cloudbees Jenkins 1.424.4

  • Cloudbees Jenkins 1.424.4.1

  • Cloudbees Jenkins 1.424.5

  • Cloudbees Jenkins 1.424.5.1

  • Cloudbees Jenkins 1.424.6

  • Cloudbees Jenkins 1.424.6.1

  • Cloudbees Jenkins 1.424.6.11

  • Cloudbees Jenkins 1.425

  • Cloudbees Jenkins 1.426

  • Cloudbees Jenkins 1.427

  • Cloudbees Jenkins 1.428

  • Cloudbees Jenkins 1.429

  • Cloudbees Jenkins 1.430

  • Cloudbees Jenkins 1.431

  • Cloudbees Jenkins 1.432

  • Cloudbees Jenkins 1.433

  • Cloudbees Jenkins 1.434

  • Cloudbees Jenkins 1.435

  • Cloudbees Jenkins 1.436

  • Cloudbees Jenkins 1.437

  • Cloudbees Jenkins 1.447

  • Cloudbees Jenkins 1.447.1

  • Cloudbees Jenkins 1.447.1.1

  • Cloudbees Jenkins 1.447.2

  • Cloudbees Jenkins 1.447.2.2

  • Cloudbees Jenkins 1.447.3.1

  • Cloudbees Jenkins 1.466.1

  • Cloudbees Jenkins 1.466.1.2

  • Cloudbees Jenkins 1.466.2

  • Cloudbees Jenkins 1.466.2.1

  • Cloudbees Jenkins 1.480.3.1


References

CONFIRM - https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

CONFIRM - https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2

CONFIRM - https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd

CONFIRM - https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602

CONFIRM - https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5

CONFIRM - https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=892795

MLIST - [oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution

CONFIRM - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb

REDHAT - RHSA-2013:0220


Last Updated: 27 May 2016 11:01:57