Vulnerability DatabaseCVE-2013-0158
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2013-0158
February 24, 2013
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
Affected Packages
org.jenkins-ci.main:jenkins-core (JAVA):
Affected version(s) >=1.396 <1.480.2
Fix Suggestion:
Update to version 1.480.2
org.jenkins-ci.main:jenkins-core (JAVA):
Affected version(s) >=1.481 <1.498
Fix Suggestion:
Update to version 1.498
Related ResourcesĀ (18)
https://github.com/jenkinsci/jenkins/commit/56e4b6e287046e4ad2a02f8bd70225a86e74bd34
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
http://www.openwall.com/lists/oss-security/2013/01/07/4
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
https://bugzilla.redhat.com/show_bug.cgi?id=892795
https://github.com/jenkinsci/jenkins/commit/9fb6c2ca0c73b43cc2e6d08c09707ee67005e526
https://github.com/jenkinsci/jenkins
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
https://github.com/jenkinsci/jenkins/commit/a411b0c3b32eb314d5a26b64de1b3d5db2760443
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
https://github.com/jenkinsci/jenkins/commit/7983ae3baea779df18862623d594744b8d285392
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
https://github.com/jenkinsci/jenkins/commit/48ecccc1669f325acf72953923f9d9620b2590e3
https://nvd.nist.gov/vuln/detail/CVE-2013-0158
https://github.com/jenkinsci/jenkins/commit/e401c7cfe7b28b6ff9d0893e89c2568596b96915
http://rhn.redhat.com/errata/RHSA-2013-0220.html
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Exploit Maturity
HIGH
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
0.65