CVE-2012-6073
Published 2013-02-24
Priority P422 · medium · 5.8 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 1.83% (76.2th percentile)
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected
69 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudbees | jenkins | <= 1.480.3.1 | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| jenkins | jenkins | <= 1.466.2 | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
CVSS provenance
nvd · v2.0 · 5.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:N
vendor_redhat · 5.8 MEDIUM
OSV
Jenkins affected by Open Redirect Vulnerability
osv·2022-05-14
CVE-2012-6073 [LOW] Jenkins affected by Open Redirect Vulnerability
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
GHSA
Jenkins affected by Open Redirect Vulnerability
ghsa·2022-05-14
CVE-2012-6073 [LOW] CWE-20 Jenkins affected by Open Redirect Vulnerability
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Jenkins
Jenkins Security Advisory 2012-11-20
vendor_jenkins·2012-11-20·CVSS 4.3
CVE-2012-6072 [MEDIUM] Jenkins Security Advisory 2012-11-20
This advisory announces two security vulnerabilities that were found in Jenkins core.
Description
The first vulnerability is commonly known as an HTTP response splitting vulnerability, which can act as a cross-site scripting vulnerability. This allows an anonymous attacker to inject malicious HTML into pages served by Jenkins. This in turn allows an attacker to escalate his privileges by hijacking sessions of other users. To mount this attack, the attacker needs to know the exact URL of your Jenkins installation. This vulnerability affects those who run Jenkins on its built-in servlet container (this includes all the native packages). (CVE-2012-6072)
The secon
Red Hat
Jenkins: open redirect
vendor_redhat·2012-11-20·CVSS 5.8
CVE-2012-6073 [MEDIUM] Jenkins: open redirect
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
No detection rules found.
No public exploits indexed.
References
http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
http://www.openwall.com/lists/oss-security/2012/12/28/1
https://bugzilla.redhat.com/show_bug.cgi?id=890608
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
Published: 2013-02-24