Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2013-0158

Published: 24/02/2013 Updated: 30/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Jenkins

Vulnerability Summary

Unspecified vulnerability in Jenkins prior to 1.498, Jenkins LTS prior to 1.480.2, and Jenkins Enterprise 1.447.x prior to 1.447.6.1 and 1.466.x prior to 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote malicious users to obtain the master cryptographic key via unknown vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins jenkins 1.404

jenkins jenkins 1.402

jenkins jenkins 1.403

jenkins jenkins 1.431

jenkins jenkins 1.418

jenkins jenkins 1.421

jenkins jenkins 1.420

jenkins jenkins 1.414

jenkins jenkins 1.415

jenkins jenkins 1.437

jenkins jenkins 1.434

jenkins jenkins 1.435

cloudbees jenkins

jenkins jenkins 1.401

jenkins jenkins 1.430

jenkins jenkins 1.432

jenkins jenkins 1.425

jenkins jenkins 1.419

jenkins jenkins 1.417

jenkins jenkins 1.411

jenkins jenkins 1.408

jenkins jenkins 1.405

jenkins jenkins 1.426

jenkins jenkins 1.429

jenkins jenkins 1.428

jenkins jenkins 1.423

jenkins jenkins 1.412

jenkins jenkins 1.413

jenkins jenkins 1.406

jenkins jenkins 1.407

jenkins jenkins 1.400

jenkins jenkins 1.433

jenkins jenkins 1.427

jenkins jenkins 1.422

jenkins jenkins 1.424

jenkins jenkins 1.416

jenkins jenkins 1.410

jenkins jenkins 1.409

jenkins jenkins 1.436

cloudbees jenkins 1.466.1.2

cloudbees jenkins 1.466.2.1

jenkins jenkins 1.424.3

jenkins jenkins 1.424.2

jenkins jenkins 1.424.1

cloudbees jenkins 1.447

jenkins jenkins 1.424.6

jenkins jenkins 1.424.4

cloudbees jenkins 1.424

jenkins jenkins 1.409.3

jenkins jenkins 1.409.1

jenkins jenkins 1.409.2

jenkins jenkins

jenkins jenkins 1.466.1

jenkins jenkins 1.447.2

jenkins jenkins 1.447.1

jenkins jenkins 1.424.5

cloudbees jenkins 1.400

cloudbees jenkins 1.447.1.1

cloudbees jenkins 1.447.2.2

cloudbees jenkins 1.447.3.1

Vendor Advisories

Debian CVElist Bug Report Logs: jenkins: Security issues were found in Jenkins core
Debian Bug report logs - #696816 jenkins: Security issues were found in Jenkins core Package: jenkins; Maintainer for jenkins is (unknown); Reported by: Nobuhiro Ban <bannobuhiro@gmailcom> Date: Thu, 27 Dec 2012 16:21:02 UTC Severity: grave Tags: security Found in version jenkins/14472+dfsg-2 Fixed in versions jenkins ...

Recent Articles

New Uyghur and Tibetan Themed Attacks Using PDF Exploits
Securelist • Igor Soumenkov Costin Raiu • 14 Mar 2013

On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware “ItaDuke” because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri’s “Divine Comedy”. Previously, we posted about another campaign hitting Governments and other institutions, named Miniduke, which was also using the same “Divine Comedy” PDF e...

Read more...

References

NVD-CWE-noinfohttp://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cbhttps://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2http://rhn.redhat.com/errata/RHSA-2013-0220.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=892795http://www.openwall.com/lists/oss-security/2013/01/07/4https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fdhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696816https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook