CVE-2012-0324
medium
CVSS v3
—
CVSS v2
4.3
VIR risk
4.3
Description
Jenkins allows Cross-Site Scripting (XSS)
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | >=1.425,<1.454 | 1.454 |
| Maven | org.jenkins-ci.main:jenkins-core | <1.424.5 | 1.424.5 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudbees | jenkins | 1.400 | |
| cloudbees | jenkins | 1.400.0.12 | |
| cloudbees | jenkins | 1.424 | |
| cloudbees | jenkins | 1.424.5 | |
| cloudbees | jenkins | {"endIncluding":"1.453"} | |
| jenkins | jenkins | 1.301 | |
| jenkins | jenkins | 1.302 | |
| jenkins | jenkins | 1.303 | |
| jenkins | jenkins | 1.304 | |
| jenkins | jenkins | 1.305 | |
| jenkins | jenkins | 1.306 | |
| jenkins | jenkins | 1.307 | |
| jenkins | jenkins | 1.308 | |
| jenkins | jenkins | 1.309 | |
| jenkins | jenkins | 1.310 | |
| jenkins | jenkins | 1.311 | |
| jenkins | jenkins | 1.312 | |
| jenkins | jenkins | 1.313 | |
| jenkins | jenkins | 1.314 | |
| jenkins | jenkins | 1.315 | |
| jenkins | jenkins | 1.316 | |
| jenkins | jenkins | 1.317 | |
| jenkins | jenkins | 1.318 | |
| jenkins | jenkins | 1.319 | |
| jenkins | jenkins | 1.320 | |
| jenkins | jenkins | 1.321 | |
| jenkins | jenkins | 1.322 | |
| jenkins | jenkins | 1.323 | |
| jenkins | jenkins | 1.324 | |
| jenkins | jenkins | 1.325 | |
| jenkins | jenkins | 1.326 | |
| jenkins | jenkins | 1.327 | |
| jenkins | jenkins | 1.328 | |
| jenkins | jenkins | 1.329 | |
| jenkins | jenkins | 1.330 | |
| jenkins | jenkins | 1.331 | |
| jenkins | jenkins | 1.332 | |
| jenkins | jenkins | 1.333 | |
| jenkins | jenkins | 1.334 | |
| jenkins | jenkins | 1.335 | |
| jenkins | jenkins | 1.336 | |
| jenkins | jenkins | 1.337 | |
| jenkins | jenkins | 1.338 | |
| jenkins | jenkins | 1.339 | |
| jenkins | jenkins | 1.340 | |
| jenkins | jenkins | 1.341 | |
| jenkins | jenkins | 1.342 | |
| jenkins | jenkins | 1.343 | |
| jenkins | jenkins | 1.344 | |
| jenkins | jenkins | 1.345 | |
| jenkins | jenkins | 1.346 | |
| jenkins | jenkins | 1.347 | |
| jenkins | jenkins | 1.348 | |
| jenkins | jenkins | 1.349 | |
| jenkins | jenkins | 1.350 | |
| jenkins | jenkins | 1.351 | |
| jenkins | jenkins | 1.352 | |
| jenkins | jenkins | 1.353 | |
| jenkins | jenkins | 1.354 | |
| jenkins | jenkins | 1.355 | |
| jenkins | jenkins | 1.356 | |
| jenkins | jenkins | 1.357 | |
| jenkins | jenkins | 1.358 | |
| jenkins | jenkins | 1.359 | |
| jenkins | jenkins | 1.360 | |
| jenkins | jenkins | 1.361 | |
| jenkins | jenkins | 1.362 | |
| jenkins | jenkins | 1.363 | |
| jenkins | jenkins | 1.364 | |
| jenkins | jenkins | 1.365 | |
| jenkins | jenkins | 1.366 | |
| jenkins | jenkins | 1.367 | |
| jenkins | jenkins | 1.368 | |
| jenkins | jenkins | 1.369 | |
| jenkins | jenkins | 1.370 | |
| jenkins | jenkins | 1.371 | |
| jenkins | jenkins | 1.372 | |
| jenkins | jenkins | 1.373 | |
| jenkins | jenkins | 1.374 | |
| jenkins | jenkins | 1.375 | |
| jenkins | jenkins | 1.376 | |
| jenkins | jenkins | 1.377 | |
| jenkins | jenkins | 1.378 | |
| jenkins | jenkins | 1.379 | |
| jenkins | jenkins | 1.380 | |
| jenkins | jenkins | 1.382 | |
| jenkins | jenkins | 1.383 | |
| jenkins | jenkins | 1.384 | |
| jenkins | jenkins | 1.386 | |
| jenkins | jenkins | 1.387 | |
| jenkins | jenkins | 1.388 | |
| jenkins | jenkins | 1.389 | |
| jenkins | jenkins | 1.390 | |
| jenkins | jenkins | 1.391 | |
| jenkins | jenkins | 1.392 | |
| jenkins | jenkins | 1.393 | |
| jenkins | jenkins | 1.394 | |
| jenkins | jenkins | 1.395 | |
| jenkins | jenkins | 1.396 | |
| jenkins | jenkins | 1.397 | |
| jenkins | jenkins | 1.398 | |
| jenkins | jenkins | 1.399 | |
| jenkins | jenkins | 1.400 | |
| jenkins | jenkins | 1.401 | |
| jenkins | jenkins | 1.402 | |
| jenkins | jenkins | 1.403 | |
| jenkins | jenkins | 1.404 | |
| jenkins | jenkins | 1.405 | |
| jenkins | jenkins | 1.406 | |
| jenkins | jenkins | 1.407 | |
| jenkins | jenkins | 1.408 | |
| jenkins | jenkins | 1.409 | |
| jenkins | jenkins | 1.409.1 | |
| jenkins | jenkins | 1.409.2 | |
| jenkins | jenkins | 1.410 | |
| jenkins | jenkins | 1.411 | |
| jenkins | jenkins | 1.412 | |
| jenkins | jenkins | 1.413 | |
| jenkins | jenkins | 1.414 | |
| jenkins | jenkins | 1.415 | |
| jenkins | jenkins | 1.416 | |
| jenkins | jenkins | 1.417 | |
| jenkins | jenkins | 1.418 | |
| jenkins | jenkins | 1.419 | |
| jenkins | jenkins | 1.420 | |
| jenkins | jenkins | 1.421 | |
| jenkins | jenkins | 1.422 | |
| jenkins | jenkins | 1.423 | |
| jenkins | jenkins | 1.424 | |
| jenkins | jenkins | 1.425 | |
| jenkins | jenkins | 1.426 | |
| jenkins | jenkins | 1.427 | |
| jenkins | jenkins | 1.428 | |
| jenkins | jenkins | 1.429 | |
| jenkins | jenkins | 1.430 | |
| jenkins | jenkins | 1.431 | |
| jenkins | jenkins | 1.432 | |
| jenkins | jenkins | 1.433 | |
| jenkins | jenkins | 1.434 | |
| jenkins | jenkins | 1.435 | |
| jenkins | jenkins | 1.436 | |
| jenkins | jenkins | 1.437 | |
References
- http://jvn.jp/en/jp/JVN14791558/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
- http://www.securityfocus.com/bid/52384
- https://nvd.nist.gov/vuln/detail/CVE-2012-0324
- https://github.com/jenkinsci/jenkins
- https://web.archive.org/web/20200229025003/https://www.securityfocus.com/bid/52384
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.