CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Published Bysecalert@redhat.com

Published DateFeb 24, 2013, 22:55

Affected Versions(2)

org.jenkins-ci.main:jenkins-core(Maven)

Introduced1.481

Fixed1.498

LimitN/A

org.jenkins-ci.main:jenkins-core(Maven)

Introduced0

Fixed1.480.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jenkins-ci.main:jenkins-core(Maven)	1.481	1.498	N/A
org.jenkins-ci.main:jenkins-core(Maven)	0	1.480.2	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

2.6

Vector String

AV:N/AC:H/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

2.6

Vector String

AV:N/AC:H/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE