2.6

CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CloudbeesJenkins Version <= 1.480.3.1
JenkinsJenkins Version1.400
JenkinsJenkins Version1.401
JenkinsJenkins Version1.402
JenkinsJenkins Version1.403
JenkinsJenkins Version1.404
JenkinsJenkins Version1.405
JenkinsJenkins Version1.406
JenkinsJenkins Version1.407
JenkinsJenkins Version1.408
JenkinsJenkins Version1.409
JenkinsJenkins Version1.410
JenkinsJenkins Version1.411
JenkinsJenkins Version1.412
JenkinsJenkins Version1.413
JenkinsJenkins Version1.414
JenkinsJenkins Version1.415
JenkinsJenkins Version1.416
JenkinsJenkins Version1.417
JenkinsJenkins Version1.418
JenkinsJenkins Version1.419
JenkinsJenkins Version1.420
JenkinsJenkins Version1.421
JenkinsJenkins Version1.422
JenkinsJenkins Version1.423
JenkinsJenkins Version1.424
JenkinsJenkins Version1.425
JenkinsJenkins Version1.426
JenkinsJenkins Version1.427
JenkinsJenkins Version1.428
JenkinsJenkins Version1.429
JenkinsJenkins Version1.430
JenkinsJenkins Version1.431
JenkinsJenkins Version1.432
JenkinsJenkins Version1.433
JenkinsJenkins Version1.434
JenkinsJenkins Version1.435
JenkinsJenkins Version1.436
JenkinsJenkins Version1.437
CloudbeesJenkins Version1.466.1.2 Update- Editionenterprise
CloudbeesJenkins Version1.466.2.1 Update- Editionenterprise
CloudbeesJenkins Version1.400 Update- Editionlts
CloudbeesJenkins Version1.424 Update- Editionlts
CloudbeesJenkins Version1.447 Update- Editionlts
JenkinsJenkins Version <= 1.466.2
JenkinsJenkins Version1.409.1
JenkinsJenkins Version1.409.2
JenkinsJenkins Version1.409.3
JenkinsJenkins Version1.424.1
JenkinsJenkins Version1.424.2
JenkinsJenkins Version1.424.3
JenkinsJenkins Version1.424.4
JenkinsJenkins Version1.424.5
JenkinsJenkins Version1.424.6
JenkinsJenkins Version1.447.1
JenkinsJenkins Version1.447.2
JenkinsJenkins Version1.466.1
CloudbeesJenkins Version1.447.1.1 Update- Editionenterprise
CloudbeesJenkins Version1.447.2.2 Update- Editionenterprise
CloudbeesJenkins Version1.447.3.1 Update- Editionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.46% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/01/07/4
https://bugzilla.redhat.com/show_bug.cgi?id=892795
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
Vendor Advisory