CVE-2013-0158
low
CVSS v3: —
CVSS v2: 2.6
VIR risk: 2.6
Description
Jenkins allows attackers to obtain the master cryptographic key
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
Vendor advisory: secalert@redhat.com — http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | >=1.481,<1.498 | 1.498 |
| Maven | org.jenkins-ci.main:jenkins-core | <1.480.2 | 1.480.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudbees | jenkins | <=1.480.3.1 | |
| jenkins | jenkins | 1.400 | |
| jenkins | jenkins | 1.401 | |
| jenkins | jenkins | 1.402 | |
| jenkins | jenkins | 1.403 | |
| jenkins | jenkins | 1.404 | |
| jenkins | jenkins | 1.405 | |
| jenkins | jenkins | 1.406 | |
| jenkins | jenkins | 1.407 | |
| jenkins | jenkins | 1.408 | |
| jenkins | jenkins | 1.409 | |
| jenkins | jenkins | 1.410 | |
| jenkins | jenkins | 1.411 | |
| jenkins | jenkins | 1.412 | |
| jenkins | jenkins | 1.413 | |
| jenkins | jenkins | 1.414 | |
| jenkins | jenkins | 1.415 | |
| jenkins | jenkins | 1.416 | |
| jenkins | jenkins | 1.417 | |
| jenkins | jenkins | 1.418 | |
| jenkins | jenkins | 1.419 | |
| jenkins | jenkins | 1.420 | |
| jenkins | jenkins | 1.421 | |
| jenkins | jenkins | 1.422 | |
| jenkins | jenkins | 1.423 | |
| jenkins | jenkins | 1.424 | |
| jenkins | jenkins | 1.425 | |
| jenkins | jenkins | 1.426 | |
| jenkins | jenkins | 1.427 | |
| jenkins | jenkins | 1.428 | |
| jenkins | jenkins | 1.429 | |
| jenkins | jenkins | 1.430 | |
| jenkins | jenkins | 1.431 | |
| jenkins | jenkins | 1.432 | |
| jenkins | jenkins | 1.433 | |
| jenkins | jenkins | 1.434 | |
| jenkins | jenkins | 1.435 | |
| jenkins | jenkins | 1.436 | |
| jenkins | jenkins | 1.437 | |
| cloudbees | jenkins | 1.466.1.2 | |
| cloudbees | jenkins | 1.466.2.1 | |
| cloudbees | jenkins | 1.400 | |
| cloudbees | jenkins | 1.424 | |
| cloudbees | jenkins | 1.447 | |
| jenkins | jenkins | <=1.466.2 | |
| jenkins | jenkins | 1.409.1 | |
| jenkins | jenkins | 1.409.2 | |
| jenkins | jenkins | 1.409.3 | |
| jenkins | jenkins | 1.424.1 | |
| jenkins | jenkins | 1.424.2 | |
| jenkins | jenkins | 1.424.3 | |
| jenkins | jenkins | 1.424.4 | |
| jenkins | jenkins | 1.424.5 | |
| jenkins | jenkins | 1.424.6 | |
| jenkins | jenkins | 1.447.1 | |
| jenkins | jenkins | 1.447.2 | |
| jenkins | jenkins | 1.466.1 | |
| cloudbees | jenkins | 1.447.1.1 | |
| cloudbees | jenkins | 1.447.2.2 | |
| cloudbees | jenkins | 1.447.3.1 | |
References
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
- http://www.openwall.com/lists/oss-security/2013/01/07/4
- https://bugzilla.redhat.com/show_bug.cgi?id=892795
- https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
- https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
- https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
- https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
- https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
- https://nvd.nist.gov/vuln/detail/CVE-2013-0158
- https://github.com/jenkinsci/jenkins/commit/48ecccc1669f325acf72953923f9d9620b2590e3
- https://github.com/jenkinsci/jenkins/commit/56e4b6e287046e4ad2a02f8bd70225a86e74bd34
- https://github.com/jenkinsci/jenkins/commit/7983ae3baea779df18862623d594744b8d285392
- https://github.com/jenkinsci/jenkins/commit/9fb6c2ca0c73b43cc2e6d08c09707ee67005e526
- https://github.com/jenkinsci/jenkins/commit/a411b0c3b32eb314d5a26b64de1b3d5db2760443
- https://github.com/jenkinsci/jenkins/commit/e401c7cfe7b28b6ff9d0893e89c2568596b96915
- https://github.com/jenkinsci/jenkins