CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
cloudbeesjenkins
𝑥
≤ 1.480.3.1
jenkinsjenkins
1.400
jenkinsjenkins
1.401
jenkinsjenkins
1.402
jenkinsjenkins
1.403
jenkinsjenkins
1.404
jenkinsjenkins
1.405
jenkinsjenkins
1.406
jenkinsjenkins
1.407
jenkinsjenkins
1.408
jenkinsjenkins
1.409
jenkinsjenkins
1.410
jenkinsjenkins
1.411
jenkinsjenkins
1.412
jenkinsjenkins
1.413
jenkinsjenkins
1.414
jenkinsjenkins
1.415
jenkinsjenkins
1.416
jenkinsjenkins
1.417
jenkinsjenkins
1.418
jenkinsjenkins
1.419
jenkinsjenkins
1.420
jenkinsjenkins
1.421
jenkinsjenkins
1.422
jenkinsjenkins
1.423
jenkinsjenkins
1.424
jenkinsjenkins
1.425
jenkinsjenkins
1.426
jenkinsjenkins
1.427
jenkinsjenkins
1.428
jenkinsjenkins
1.429
jenkinsjenkins
1.430
jenkinsjenkins
1.431
jenkinsjenkins
1.432
jenkinsjenkins
1.433
jenkinsjenkins
1.434
jenkinsjenkins
1.435
jenkinsjenkins
1.436
jenkinsjenkins
1.437
cloudbeesjenkins
1.466.1.2
cloudbeesjenkins
1.466.2.1
cloudbeesjenkins
1.400
cloudbeesjenkins
1.424
cloudbeesjenkins
1.447
jenkinsjenkins
𝑥
≤ 1.466.2
jenkinsjenkins
1.409.1
jenkinsjenkins
1.409.2
jenkinsjenkins
1.409.3
jenkinsjenkins
1.424.1
jenkinsjenkins
1.424.2
jenkinsjenkins
1.424.3
jenkinsjenkins
1.424.4
jenkinsjenkins
1.424.5
jenkinsjenkins
1.424.6
jenkinsjenkins
1.447.1
jenkinsjenkins
1.447.2
jenkinsjenkins
1.466.1
cloudbeesjenkins
1.447.1.1
cloudbeesjenkins
1.447.2.2
cloudbeesjenkins
1.447.3.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
dne
hardy
dne
References
http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
http://www.openwall.com/lists/oss-security/2013/01/07/4
https://bugzilla.redhat.com/show_bug.cgi?id=892795
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
http://www.openwall.com/lists/oss-security/2013/01/07/4
https://bugzilla.redhat.com/show_bug.cgi?id=892795
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04