Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Published

2013-02-24T22:55:01.253

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cloudbees	jenkins	≤ 1.480.3.1	Yes
Application	jenkins	jenkins	1.400	Yes
Application	jenkins	jenkins	1.401	Yes
Application	jenkins	jenkins	1.402	Yes
Application	jenkins	jenkins	1.403	Yes
Application	jenkins	jenkins	1.404	Yes
Application	jenkins	jenkins	1.405	Yes
Application	jenkins	jenkins	1.406	Yes
Application	jenkins	jenkins	1.407	Yes
Application	jenkins	jenkins	1.408	Yes
Application	jenkins	jenkins	1.409	Yes
Application	jenkins	jenkins	1.410	Yes
Application	jenkins	jenkins	1.411	Yes
Application	jenkins	jenkins	1.412	Yes
Application	jenkins	jenkins	1.413	Yes
Application	jenkins	jenkins	1.414	Yes
Application	jenkins	jenkins	1.415	Yes
Application	jenkins	jenkins	1.416	Yes
Application	jenkins	jenkins	1.417	Yes
Application	jenkins	jenkins	1.418	Yes
Application	jenkins	jenkins	1.419	Yes
Application	jenkins	jenkins	1.420	Yes
Application	jenkins	jenkins	1.421	Yes
Application	jenkins	jenkins	1.422	Yes
Application	jenkins	jenkins	1.423	Yes
Application	jenkins	jenkins	1.424	Yes
Application	jenkins	jenkins	1.425	Yes
Application	jenkins	jenkins	1.426	Yes
Application	jenkins	jenkins	1.427	Yes
Application	jenkins	jenkins	1.428	Yes
Application	jenkins	jenkins	1.429	Yes
Application	jenkins	jenkins	1.430	Yes
Application	jenkins	jenkins	1.431	Yes
Application	jenkins	jenkins	1.432	Yes
Application	jenkins	jenkins	1.433	Yes
Application	jenkins	jenkins	1.434	Yes
Application	jenkins	jenkins	1.435	Yes
Application	jenkins	jenkins	1.436	Yes
Application	jenkins	jenkins	1.437	Yes
Application	cloudbees	jenkins	1.466.1.2	Yes
Application	cloudbees	jenkins	1.466.2.1	Yes
Application	cloudbees	jenkins	1.400	Yes
Application	cloudbees	jenkins	1.424	Yes
Application	cloudbees	jenkins	1.447	Yes
Application	jenkins	jenkins	≤ 1.466.2	Yes
Application	jenkins	jenkins	1.409.1	Yes
Application	jenkins	jenkins	1.409.2	Yes
Application	jenkins	jenkins	1.409.3	Yes
Application	jenkins	jenkins	1.424.1	Yes
Application	jenkins	jenkins	1.424.2	Yes
Application	jenkins	jenkins	1.424.3	Yes
Application	jenkins	jenkins	1.424.4	Yes
Application	jenkins	jenkins	1.424.5	Yes
Application	jenkins	jenkins	1.424.6	Yes
Application	jenkins	jenkins	1.447.1	Yes
Application	jenkins	jenkins	1.447.2	Yes
Application	jenkins	jenkins	1.466.1	Yes
Application	cloudbees	jenkins	1.447.1.1	Yes
Application	cloudbees	jenkins	1.447.2.2	Yes
Application	cloudbees	jenkins	1.447.3.1	Yes

References

http://rhn.redhat.com/errata/RHSA-2013-0220.html ([email protected])
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2013/01/07/4 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=892795 ([email protected])
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 ([email protected])
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 ([email protected])
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 ([email protected])
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd ([email protected])
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 ([email protected])
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-0220.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/01/07/4 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=892795 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)