CVE-2012-0325

EPSS 0.21%
Published 09.03.2012 11:55:01
Last modified 11.04.2025 00:51:21
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Cloudbees ≫ Jenkins Version <= 1.453

Jenkins ≫ Jenkins Version1.301

Jenkins ≫ Jenkins Version1.302

Jenkins ≫ Jenkins Version1.303

Jenkins ≫ Jenkins Version1.304

Jenkins ≫ Jenkins Version1.305

Jenkins ≫ Jenkins Version1.306

Jenkins ≫ Jenkins Version1.307

Jenkins ≫ Jenkins Version1.308

Jenkins ≫ Jenkins Version1.309

Jenkins ≫ Jenkins Version1.310

Jenkins ≫ Jenkins Version1.311

Jenkins ≫ Jenkins Version1.312

Jenkins ≫ Jenkins Version1.313

Jenkins ≫ Jenkins Version1.314

Jenkins ≫ Jenkins Version1.315

Jenkins ≫ Jenkins Version1.316

Jenkins ≫ Jenkins Version1.317

Jenkins ≫ Jenkins Version1.318

Jenkins ≫ Jenkins Version1.319

Jenkins ≫ Jenkins Version1.320

Jenkins ≫ Jenkins Version1.321

Jenkins ≫ Jenkins Version1.322

Jenkins ≫ Jenkins Version1.323

Jenkins ≫ Jenkins Version1.324

Jenkins ≫ Jenkins Version1.325

Jenkins ≫ Jenkins Version1.326

Jenkins ≫ Jenkins Version1.327

Jenkins ≫ Jenkins Version1.328

Jenkins ≫ Jenkins Version1.329

Jenkins ≫ Jenkins Version1.330

Jenkins ≫ Jenkins Version1.331

Jenkins ≫ Jenkins Version1.332

Jenkins ≫ Jenkins Version1.333

Jenkins ≫ Jenkins Version1.334

Jenkins ≫ Jenkins Version1.335

Jenkins ≫ Jenkins Version1.336

Jenkins ≫ Jenkins Version1.337

Jenkins ≫ Jenkins Version1.338

Jenkins ≫ Jenkins Version1.339

Jenkins ≫ Jenkins Version1.340

Jenkins ≫ Jenkins Version1.341

Jenkins ≫ Jenkins Version1.342

Jenkins ≫ Jenkins Version1.343

Jenkins ≫ Jenkins Version1.344

Jenkins ≫ Jenkins Version1.345

Jenkins ≫ Jenkins Version1.346

Jenkins ≫ Jenkins Version1.347

Jenkins ≫ Jenkins Version1.348

Jenkins ≫ Jenkins Version1.349

Jenkins ≫ Jenkins Version1.350

Jenkins ≫ Jenkins Version1.351

Jenkins ≫ Jenkins Version1.352

Jenkins ≫ Jenkins Version1.353

Jenkins ≫ Jenkins Version1.354

Jenkins ≫ Jenkins Version1.355

Jenkins ≫ Jenkins Version1.356

Jenkins ≫ Jenkins Version1.357

Jenkins ≫ Jenkins Version1.358

Jenkins ≫ Jenkins Version1.359

Jenkins ≫ Jenkins Version1.360

Jenkins ≫ Jenkins Version1.361

Jenkins ≫ Jenkins Version1.362

Jenkins ≫ Jenkins Version1.363

Jenkins ≫ Jenkins Version1.364

Jenkins ≫ Jenkins Version1.365

Jenkins ≫ Jenkins Version1.366

Jenkins ≫ Jenkins Version1.367

Jenkins ≫ Jenkins Version1.368

Jenkins ≫ Jenkins Version1.369

Jenkins ≫ Jenkins Version1.370

Jenkins ≫ Jenkins Version1.371

Jenkins ≫ Jenkins Version1.372

Jenkins ≫ Jenkins Version1.373

Jenkins ≫ Jenkins Version1.374

Jenkins ≫ Jenkins Version1.375

Jenkins ≫ Jenkins Version1.376

Jenkins ≫ Jenkins Version1.377

Jenkins ≫ Jenkins Version1.378

Jenkins ≫ Jenkins Version1.379

Jenkins ≫ Jenkins Version1.380

Jenkins ≫ Jenkins Version1.382

Jenkins ≫ Jenkins Version1.383

Jenkins ≫ Jenkins Version1.384

Jenkins ≫ Jenkins Version1.386

Jenkins ≫ Jenkins Version1.387

Jenkins ≫ Jenkins Version1.388

Jenkins ≫ Jenkins Version1.389

Jenkins ≫ Jenkins Version1.390

Jenkins ≫ Jenkins Version1.391

Jenkins ≫ Jenkins Version1.392

Jenkins ≫ Jenkins Version1.393

Jenkins ≫ Jenkins Version1.394

Jenkins ≫ Jenkins Version1.395

Jenkins ≫ Jenkins Version1.396

Jenkins ≫ Jenkins Version1.397

Jenkins ≫ Jenkins Version1.398

Jenkins ≫ Jenkins Version1.399

Jenkins ≫ Jenkins Version1.400

Jenkins ≫ Jenkins Version1.401

Jenkins ≫ Jenkins Version1.402

Jenkins ≫ Jenkins Version1.403

Jenkins ≫ Jenkins Version1.404

Jenkins ≫ Jenkins Version1.405

Jenkins ≫ Jenkins Version1.406

Jenkins ≫ Jenkins Version1.407

Jenkins ≫ Jenkins Version1.408

Jenkins ≫ Jenkins Version1.409

Jenkins ≫ Jenkins Version1.409.1

Jenkins ≫ Jenkins Version1.409.2

Jenkins ≫ Jenkins Version1.410

Jenkins ≫ Jenkins Version1.411

Jenkins ≫ Jenkins Version1.412

Jenkins ≫ Jenkins Version1.413

Jenkins ≫ Jenkins Version1.414

Jenkins ≫ Jenkins Version1.415

Jenkins ≫ Jenkins Version1.416

Jenkins ≫ Jenkins Version1.417

Jenkins ≫ Jenkins Version1.418

Jenkins ≫ Jenkins Version1.419

Jenkins ≫ Jenkins Version1.420

Jenkins ≫ Jenkins Version1.421

Jenkins ≫ Jenkins Version1.422

Jenkins ≫ Jenkins Version1.423

Jenkins ≫ Jenkins Version1.424

Jenkins ≫ Jenkins Version1.425

Jenkins ≫ Jenkins Version1.426

Jenkins ≫ Jenkins Version1.427

Jenkins ≫ Jenkins Version1.428

Jenkins ≫ Jenkins Version1.429

Jenkins ≫ Jenkins Version1.430

Jenkins ≫ Jenkins Version1.431

Jenkins ≫ Jenkins Version1.432

Jenkins ≫ Jenkins Version1.433

Jenkins ≫ Jenkins Version1.434

Jenkins ≫ Jenkins Version1.435

Jenkins ≫ Jenkins Version1.436

Jenkins ≫ Jenkins Version1.437

Cloudbees ≫ Jenkins Version1.400 Editionenterprise

Cloudbees ≫ Jenkins Version1.400.0.12 Editionenterprise

Cloudbees ≫ Jenkins Version1.424 Editionenterprise

Cloudbees ≫ Jenkins Version1.424.5 Editionenterprise

Cloudbees ≫ Jenkins Version1.400 Editionlts

Cloudbees ≫ Jenkins Version1.400.0.12 Editionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.399

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb

Vendor Advisory

http://www.securityfocus.com/bid/52384

http://jvn.jp/en/jp/JVN79950061/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023

https://nvd.nist.gov/vuln/detail/CVE-2012-0325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0325

EUVD