CVE-2012-6074
Jenkins: cross-site scripting vulnerability
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a usuarios remotos autenticados con acceso de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-02-01 CVE Published
- 2024-01-15 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2012/12/28/1 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0220.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=890612 | 2013-01-31 | |
| https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2012-6074 | 2013-01-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | <= 1.480.3.1 Search vendor "Cloudbees" for product "Jenkins" and version " <= 1.480.3.1" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.400 Search vendor "Jenkins" for product "Jenkins" and version "1.400" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.401 Search vendor "Jenkins" for product "Jenkins" and version "1.401" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.402 Search vendor "Jenkins" for product "Jenkins" and version "1.402" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.403 Search vendor "Jenkins" for product "Jenkins" and version "1.403" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.404 Search vendor "Jenkins" for product "Jenkins" and version "1.404" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.405 Search vendor "Jenkins" for product "Jenkins" and version "1.405" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.406 Search vendor "Jenkins" for product "Jenkins" and version "1.406" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.407 Search vendor "Jenkins" for product "Jenkins" and version "1.407" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.408 Search vendor "Jenkins" for product "Jenkins" and version "1.408" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.409 Search vendor "Jenkins" for product "Jenkins" and version "1.409" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.410 Search vendor "Jenkins" for product "Jenkins" and version "1.410" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.411 Search vendor "Jenkins" for product "Jenkins" and version "1.411" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.412 Search vendor "Jenkins" for product "Jenkins" and version "1.412" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.413 Search vendor "Jenkins" for product "Jenkins" and version "1.413" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.414 Search vendor "Jenkins" for product "Jenkins" and version "1.414" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.415 Search vendor "Jenkins" for product "Jenkins" and version "1.415" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.416 Search vendor "Jenkins" for product "Jenkins" and version "1.416" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.417 Search vendor "Jenkins" for product "Jenkins" and version "1.417" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.418 Search vendor "Jenkins" for product "Jenkins" and version "1.418" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.419 Search vendor "Jenkins" for product "Jenkins" and version "1.419" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.420 Search vendor "Jenkins" for product "Jenkins" and version "1.420" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.421 Search vendor "Jenkins" for product "Jenkins" and version "1.421" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.422 Search vendor "Jenkins" for product "Jenkins" and version "1.422" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.423 Search vendor "Jenkins" for product "Jenkins" and version "1.423" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424 Search vendor "Jenkins" for product "Jenkins" and version "1.424" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.425 Search vendor "Jenkins" for product "Jenkins" and version "1.425" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.426 Search vendor "Jenkins" for product "Jenkins" and version "1.426" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.427 Search vendor "Jenkins" for product "Jenkins" and version "1.427" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.428 Search vendor "Jenkins" for product "Jenkins" and version "1.428" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.429 Search vendor "Jenkins" for product "Jenkins" and version "1.429" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.430 Search vendor "Jenkins" for product "Jenkins" and version "1.430" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.431 Search vendor "Jenkins" for product "Jenkins" and version "1.431" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.432 Search vendor "Jenkins" for product "Jenkins" and version "1.432" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.433 Search vendor "Jenkins" for product "Jenkins" and version "1.433" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.434 Search vendor "Jenkins" for product "Jenkins" and version "1.434" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.435 Search vendor "Jenkins" for product "Jenkins" and version "1.435" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.436 Search vendor "Jenkins" for product "Jenkins" and version "1.436" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.437 Search vendor "Jenkins" for product "Jenkins" and version "1.437" | - |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.447.1.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.447.1.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.447.2.2 Search vendor "Cloudbees" for product "Jenkins" and version "1.447.2.2" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.447.3.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.447.3.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.0.2 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.0.2" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.0.4 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.0.4" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.1.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.1.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.2.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.2.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.4.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.4.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.5.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.5.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.6.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.6.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424.6.11 Search vendor "Cloudbees" for product "Jenkins" and version "1.424.6.11" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.466.1.2 Search vendor "Cloudbees" for product "Jenkins" and version "1.466.1.2" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.466.2.1 Search vendor "Cloudbees" for product "Jenkins" and version "1.466.2.1" | enterprise |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.400 Search vendor "Cloudbees" for product "Jenkins" and version "1.400" | lts |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.424 Search vendor "Cloudbees" for product "Jenkins" and version "1.424" | lts |
Affected
| ||||||
| Cloudbees Search vendor "Cloudbees" | Jenkins Search vendor "Cloudbees" for product "Jenkins" | 1.447 Search vendor "Cloudbees" for product "Jenkins" and version "1.447" | lts |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | <= 1.466.2 Search vendor "Jenkins" for product "Jenkins" and version " <= 1.466.2" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.409.1 Search vendor "Jenkins" for product "Jenkins" and version "1.409.1" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.409.2 Search vendor "Jenkins" for product "Jenkins" and version "1.409.2" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.409.3 Search vendor "Jenkins" for product "Jenkins" and version "1.409.3" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.1 Search vendor "Jenkins" for product "Jenkins" and version "1.424.1" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.2 Search vendor "Jenkins" for product "Jenkins" and version "1.424.2" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.3 Search vendor "Jenkins" for product "Jenkins" and version "1.424.3" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.4 Search vendor "Jenkins" for product "Jenkins" and version "1.424.4" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.5 Search vendor "Jenkins" for product "Jenkins" and version "1.424.5" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.424.6 Search vendor "Jenkins" for product "Jenkins" and version "1.424.6" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.447.1 Search vendor "Jenkins" for product "Jenkins" and version "1.447.1" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.447.2 Search vendor "Jenkins" for product "Jenkins" and version "1.447.2" | - |
Affected
| ||||||
| Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | 1.466.1 Search vendor "Jenkins" for product "Jenkins" and version "1.466.1" | - |
Affected
| ||||||