CVE-2012-4438

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
jenkinsjenkins
𝑥
< 1.466.2
jenkinsjenkins
𝑥
< 1.482
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
raring
not-affected
quantal
not-affected
precise
Fixed 1.424.6+dfsg-1ubuntu0.1
released
oneiric
ignored
natty
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2012/09/21/2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
https://security-tracker.debian.org/tracker/CVE-2012-4438
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
http://www.openwall.com/lists/oss-security/2012/09/21/2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
https://security-tracker.debian.org/tracker/CVE-2012-4438
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17