Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Security Impact Summary

CVE-2013-0158 is a security vulnerability that . Impacting 2 products from cloudbees, from jenkins organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2013, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2013-02-24T22:55:01.253

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cloudbees	jenkins	≤ 1.480.3.1	Yes
Application	jenkins	jenkins	1.400	Yes
Application	jenkins	jenkins	1.401	Yes
Application	jenkins	jenkins	1.402	Yes
Application	jenkins	jenkins	1.403	Yes
Application	jenkins	jenkins	1.404	Yes
Application	jenkins	jenkins	1.405	Yes
Application	jenkins	jenkins	1.406	Yes
Application	jenkins	jenkins	1.407	Yes
Application	jenkins	jenkins	1.408	Yes
Application	jenkins	jenkins	1.409	Yes
Application	jenkins	jenkins	1.410	Yes
Application	jenkins	jenkins	1.411	Yes
Application	jenkins	jenkins	1.412	Yes
Application	jenkins	jenkins	1.413	Yes
Application	jenkins	jenkins	1.414	Yes
Application	jenkins	jenkins	1.415	Yes
Application	jenkins	jenkins	1.416	Yes
Application	jenkins	jenkins	1.417	Yes
Application	jenkins	jenkins	1.418	Yes
Application	jenkins	jenkins	1.419	Yes
Application	jenkins	jenkins	1.420	Yes
Application	jenkins	jenkins	1.421	Yes
Application	jenkins	jenkins	1.422	Yes
Application	jenkins	jenkins	1.423	Yes
Application	jenkins	jenkins	1.424	Yes
Application	jenkins	jenkins	1.425	Yes
Application	jenkins	jenkins	1.426	Yes
Application	jenkins	jenkins	1.427	Yes
Application	jenkins	jenkins	1.428	Yes
Application	jenkins	jenkins	1.429	Yes
Application	jenkins	jenkins	1.430	Yes
Application	jenkins	jenkins	1.431	Yes
Application	jenkins	jenkins	1.432	Yes
Application	jenkins	jenkins	1.433	Yes
Application	jenkins	jenkins	1.434	Yes
Application	jenkins	jenkins	1.435	Yes
Application	jenkins	jenkins	1.436	Yes
Application	jenkins	jenkins	1.437	Yes
Application	cloudbees	jenkins	1.466.1.2	Yes
Application	cloudbees	jenkins	1.466.2.1	Yes
Application	cloudbees	jenkins	1.400	Yes
Application	cloudbees	jenkins	1.424	Yes
Application	cloudbees	jenkins	1.447	Yes
Application	jenkins	jenkins	≤ 1.466.2	Yes
Application	jenkins	jenkins	1.409.1	Yes
Application	jenkins	jenkins	1.409.2	Yes
Application	jenkins	jenkins	1.409.3	Yes
Application	jenkins	jenkins	1.424.1	Yes
Application	jenkins	jenkins	1.424.2	Yes
Application	jenkins	jenkins	1.424.3	Yes
Application	jenkins	jenkins	1.424.4	Yes
Application	jenkins	jenkins	1.424.5	Yes
Application	jenkins	jenkins	1.424.6	Yes
Application	jenkins	jenkins	1.447.1	Yes
Application	jenkins	jenkins	1.447.2	Yes
Application	jenkins	jenkins	1.466.1	Yes
Application	cloudbees	jenkins	1.447.1.1	Yes
Application	cloudbees	jenkins	1.447.2.2	Yes
Application	cloudbees	jenkins	1.447.3.1	Yes

References

http://rhn.redhat.com/errata/RHSA-2013-0220.html ([email protected])
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2013/01/07/4 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=892795 ([email protected])
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 ([email protected])
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 ([email protected])
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 ([email protected])
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd ([email protected])
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 ([email protected])
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-0220.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/01/07/4 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=892795 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cloudbees's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.