CVE-2012-6072 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Vendor	Product	Version
cloudbees	jenkins	1.447.1.1
cloudbees	jenkins	1.447.2.2
cloudbees	jenkins	1.447.3.1
cloudbees	jenkins	1.400
cloudbees	jenkins	1.424
cloudbees	jenkins	1.447
jenkins	jenkins	𝑥 ≤ 1.466.2
jenkins	jenkins	1.409.1
jenkins	jenkins	1.409.2
jenkins	jenkins	1.409.3
jenkins	jenkins	1.424.1
jenkins	jenkins	1.424.2
jenkins	jenkins	1.424.3
jenkins	jenkins	1.424.4
jenkins	jenkins	1.424.5
jenkins	jenkins	1.424.6
jenkins	jenkins	1.447.1
jenkins	jenkins	1.447.2
jenkins	jenkins	1.466.1
cloudbees	jenkins	1.466.1.2
cloudbees	jenkins	1.466.2.1
cloudbees	jenkins	𝑥 ≤ 1.480.3.1
jenkins	jenkins	1.400
jenkins	jenkins	1.401
jenkins	jenkins	1.402
jenkins	jenkins	1.403
jenkins	jenkins	1.404
jenkins	jenkins	1.405
jenkins	jenkins	1.406
jenkins	jenkins	1.407
jenkins	jenkins	1.408
jenkins	jenkins	1.409
jenkins	jenkins	1.410
jenkins	jenkins	1.411
jenkins	jenkins	1.412
jenkins	jenkins	1.413
jenkins	jenkins	1.414
jenkins	jenkins	1.415
jenkins	jenkins	1.416
jenkins	jenkins	1.417
jenkins	jenkins	1.418
jenkins	jenkins	1.419
jenkins	jenkins	1.420
jenkins	jenkins	1.421
jenkins	jenkins	1.422
jenkins	jenkins	1.423
jenkins	jenkins	1.424
jenkins	jenkins	1.425
jenkins	jenkins	1.426
jenkins	jenkins	1.427
jenkins	jenkins	1.428
jenkins	jenkins	1.429
jenkins	jenkins	1.430
jenkins	jenkins	1.431
jenkins	jenkins	1.432
jenkins	jenkins	1.433
jenkins	jenkins	1.434
jenkins	jenkins	1.435
jenkins	jenkins	1.436
jenkins	jenkins	1.437
cloudbees	jenkins	1.424.0.2
cloudbees	jenkins	1.424.0.4
cloudbees	jenkins	1.424.1.1
cloudbees	jenkins	1.424.2.1
cloudbees	jenkins	1.424.4.1
cloudbees	jenkins	1.424.5.1
cloudbees	jenkins	1.424.6.1
cloudbees	jenkins	1.424.6.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jenkins

cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
wily	dne
vivid	dne
utopic	dne
trusty	dne
saucy	ignored
raring	ignored
quantal	ignored
precise	ignored
oneiric	ignored
lucid	dne
hardy	dne

jenkins-winstone

cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
wily	ignored
vivid	ignored
utopic	ignored
trusty	dne
saucy	ignored
raring	ignored
quantal	ignored
precise	ignored
oneiric	ignored
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://rhn.redhat.com/errata/RHSA-2013-0220.html

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

https://bugzilla.redhat.com/show_bug.cgi?id=890607

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

http://rhn.redhat.com/errata/RHSA-2013-0220.html

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

https://bugzilla.redhat.com/show_bug.cgi?id=890607

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20