CVE-2012-6074
Published: 2013-02-24
Priority: P4 · 14 · CVSS 2.0: 3.5 (low) · Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 1.42% (69.6th percentile)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
Affected (69 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudbees | jenkins | <= 1.480.3.1 | — |
| jenkins | jenkins | <= 1.466.2 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 3.5 | LOW | — |
Red Hat: Jenkins: cross-site scripting vulnerability
Source: vendor_redhat · 2012-11-20 · CVSS 3.5 · CVE-2012-6074 [LOW] · CWE-79
Jenkins: Jenkins Security Advisory 2012-11-20
Source: vendor_jenkins · 2012-11-20 · CVSS 4.3 · CVE-2012-6072 [MEDIUM]
This advisory announces two security vulnerabilities that were found in Jenkins core.
Description
The first vulnerability is commonly known as an HTTP response splitting vulnerability, which can act as a cross-site scripting vulnerability. This allows an anonymous attacker to inject malicious HTML into pages served by Jenkins. This in turn allows an attacker to escalate his privileges by hijacking sessions of other users. To mount this attack, the attacker needs to know the exact URL of your Jenkins installation. This vulnerability affects those who run Jenkins on its built-in servlet container (this includes all the native packages). (CVE-2012-6072)
The secon
GHSA: Jenkins allows Cross-Site Scripting (XSS)
Source: ghsa · 2022-05-14 · CVE-2012-6074 [LOW] · CWE-79
OSV: Jenkins allows Cross-Site Scripting (XSS)
Source: osv · 2022-05-14 · CVE-2012-6074 [LOW]
No detection rules found.
No public exploits indexed.
References
http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
http://www.openwall.com/lists/oss-security/2012/12/28/1
https://bugzilla.redhat.com/show_bug.cgi?id=890612
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20