CVE-2012-6073
medium
CVSS v3
—
CVSS v2
5.8
VIR risk
5.8
Description
Jenkins affected by Open Redirect Vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | <1.480.1 | 1.480.1 |
| Maven | org.jenkins-ci.main:jenkins-core | >=1.481,<1.491 | 1.491 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudbees | jenkins | 1.447.1.1 | |
| cloudbees | jenkins | 1.447.2.2 | |
| cloudbees | jenkins | 1.447.3.1 | |
| cloudbees | jenkins | 1.400 | |
| cloudbees | jenkins | 1.424 | |
| cloudbees | jenkins | 1.447 | |
| jenkins | jenkins | <=1.466.2 | |
| jenkins | jenkins | 1.409.1 | |
| jenkins | jenkins | 1.409.2 | |
| jenkins | jenkins | 1.409.3 | |
| jenkins | jenkins | 1.424.1 | |
| jenkins | jenkins | 1.424.2 | |
| jenkins | jenkins | 1.424.3 | |
| jenkins | jenkins | 1.424.4 | |
| jenkins | jenkins | 1.424.5 | |
| jenkins | jenkins | 1.424.6 | |
| jenkins | jenkins | 1.447.1 | |
| jenkins | jenkins | 1.447.2 | |
| jenkins | jenkins | 1.466.1 | |
| cloudbees | jenkins | 1.424.0.2 | |
| cloudbees | jenkins | 1.424.0.4 | |
| cloudbees | jenkins | 1.424.1.1 | |
| cloudbees | jenkins | 1.424.2.1 | |
| cloudbees | jenkins | 1.424.4.1 | |
| cloudbees | jenkins | 1.424.5.1 | |
| cloudbees | jenkins | 1.424.6.1 | |
| cloudbees | jenkins | 1.424.6.11 | |
| cloudbees | jenkins | <=1.480.3.1 | |
| jenkins | jenkins | 1.400 | |
| jenkins | jenkins | 1.401 | |
| jenkins | jenkins | 1.402 | |
| jenkins | jenkins | 1.403 | |
| jenkins | jenkins | 1.404 | |
| jenkins | jenkins | 1.405 | |
| jenkins | jenkins | 1.406 | |
| jenkins | jenkins | 1.407 | |
| jenkins | jenkins | 1.408 | |
| jenkins | jenkins | 1.409 | |
| jenkins | jenkins | 1.410 | |
| jenkins | jenkins | 1.411 | |
| jenkins | jenkins | 1.412 | |
| jenkins | jenkins | 1.413 | |
| jenkins | jenkins | 1.414 | |
| jenkins | jenkins | 1.415 | |
| jenkins | jenkins | 1.416 | |
| jenkins | jenkins | 1.417 | |
| jenkins | jenkins | 1.418 | |
| jenkins | jenkins | 1.419 | |
| jenkins | jenkins | 1.420 | |
| jenkins | jenkins | 1.421 | |
| jenkins | jenkins | 1.422 | |
| jenkins | jenkins | 1.423 | |
| jenkins | jenkins | 1.424 | |
| jenkins | jenkins | 1.425 | |
| jenkins | jenkins | 1.426 | |
| jenkins | jenkins | 1.427 | |
| jenkins | jenkins | 1.428 | |
| jenkins | jenkins | 1.429 | |
| jenkins | jenkins | 1.430 | |
| jenkins | jenkins | 1.431 | |
| jenkins | jenkins | 1.432 | |
| jenkins | jenkins | 1.433 | |
| jenkins | jenkins | 1.434 | |
| jenkins | jenkins | 1.435 | |
| jenkins | jenkins | 1.436 | |
| jenkins | jenkins | 1.437 | |
| cloudbees | jenkins | 1.466.1.2 | |
| cloudbees | jenkins | 1.466.2.1 | |
References
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
- http://www.openwall.com/lists/oss-security/2012/12/28/1
- https://bugzilla.redhat.com/show_bug.cgi?id=890608
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- https://nvd.nist.gov/vuln/detail/CVE-2012-6073
- https://github.com/jenkinsci/jenkins
CWEs
CWE-20