CVE-2013-6372Inadequate Encryption Strength in Subversion-plugin

CWE-255CWE-326Inadequate Encryption StrengthCWE-522Insufficiently Protected Credentials6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 81.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins-ci Subversion-pluginJenkins Core
Timeline
PublishedMay 8
Latest updateMay 17

Description

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding2022-05-17
GHSA
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding2022-05-17

📋Vendor Advisories

2
Red Hat
Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)2013-11-21
Jenkins
Jenkins Security Advisory 2013-11-202013-11-20

💬Community

1
Bugzilla
CVE-2013-6372 Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)2013-11-20
CVE-2013-6372 — Inadequate Encryption Strength | cvebase