CVE-2012-6072Improper Input Validation in Jenkins

CWE-20Improper Input ValidationCWE-113HTTP Request/Response Splitting7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 70.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cloudbees JenkinsJenkins
Timeline
PublishedFeb 24
Latest updateMay 14

Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDjenkins/jenkins1.466.2+50
NVDcloudbees/jenkins1.480.3.1+16

🔴Vulnerability Details

3
GHSA
Jenkins allows HTTP Injection and Response Splitting2022-05-14
OSV
Jenkins allows HTTP Injection and Response Splitting2022-05-14
CVEList
CVE-2012-6072: CRLF injection vulnerability in Jenkins before 12013-02-24

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2012-11-202012-11-20
Red Hat
Jenkins: HTTP response splitting2012-11-20

💬Community

1
Bugzilla
CVE-2012-6072 Jenkins: HTTP response splitting2012-12-28
CVE-2012-6072 — Improper Input Validation in Jenkins | cvebase