[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2013-0158

Date: (C)2013-02-25   (M)2017-12-06 


Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

CVSS Score: 2.6Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
RHSA-2013:0220
http://www.openwall.com/lists/oss-security/2013/01/07/4
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
https://bugzilla.redhat.com/show_bug.cgi?id=892795
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

CPE    62
cpe:/a:cloudbees:jenkins:1.466.2.1:-:enterprise
cpe:/a:cloudbees:jenkins:1.466.1.2:-:enterprise
cpe:/a:cloudbees:jenkins:1.447.2.2:-:enterprise
cpe:/a:cloudbees:jenkins:1.447:-:lts
...

© 2013 SecPod Technologies