CVE-2013-0158 — Jenkins vulnerability

8 documents8 sources

Severity

2.6LOWNVD

EPSS

0.7%

top 29.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudbees Jenkins Jenkins

Timeline

PublishedFeb 24

Latest updateMay 5

Description

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.466.2+50

▶NVDcloudbees/jenkins1.480.3.1+8

🔴Vulnerability Details

OSV

Jenkins allows attackers to obtain the master cryptographic key↗2022-05-05

▶

GHSA

Jenkins allows attackers to obtain the master cryptographic key↗2022-05-05

▶

CVEList

CVE-2013-0158: Unspecified vulnerability in Jenkins before 1↗2013-02-24

▶

VulnCheck

Jenkins Cryptographic Key Security Bypass↗2013

▶

📋Vendor Advisories

Red Hat

jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)↗2013-01-04

▶

💬Community

Bugzilla

CVE-2013-0158 jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)↗2013-01-07

▶