CVE-2013-6372

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
jenkins-cisubversion-plugin
𝑥
≤ 1.53
jenkins-cisubversion-plugin
1.0
jenkins-cisubversion-plugin
1.1
jenkins-cisubversion-plugin
1.2
jenkins-cisubversion-plugin
1.3
jenkins-cisubversion-plugin
1.4
jenkins-cisubversion-plugin
1.5
jenkins-cisubversion-plugin
1.6
jenkins-cisubversion-plugin
1.7
jenkins-cisubversion-plugin
1.8
jenkins-cisubversion-plugin
1.9
jenkins-cisubversion-plugin
1.10
jenkins-cisubversion-plugin
1.11
jenkins-cisubversion-plugin
1.12
jenkins-cisubversion-plugin
1.13
jenkins-cisubversion-plugin
1.14
jenkins-cisubversion-plugin
1.15
jenkins-cisubversion-plugin
1.16
jenkins-cisubversion-plugin
1.17
jenkins-cisubversion-plugin
1.18
jenkins-cisubversion-plugin
1.19
jenkins-cisubversion-plugin
1.20
jenkins-cisubversion-plugin
1.21
jenkins-cisubversion-plugin
1.22
jenkins-cisubversion-plugin
1.23
jenkins-cisubversion-plugin
1.24
jenkins-cisubversion-plugin
1.25
jenkins-cisubversion-plugin
1.26
jenkins-cisubversion-plugin
1.27
jenkins-cisubversion-plugin
1.28
jenkins-cisubversion-plugin
1.29
jenkins-cisubversion-plugin
1.30
jenkins-cisubversion-plugin
1.31
jenkins-cisubversion-plugin
1.32
jenkins-cisubversion-plugin
1.33
jenkins-cisubversion-plugin
1.34
jenkins-cisubversion-plugin
1.35
jenkins-cisubversion-plugin
1.36
jenkins-cisubversion-plugin
1.37
jenkins-cisubversion-plugin
1.38
jenkins-cisubversion-plugin
1.39
jenkins-cisubversion-plugin
1.40
jenkins-cisubversion-plugin
1.41
jenkins-cisubversion-plugin
1.42
jenkins-cisubversion-plugin
1.43
jenkins-cisubversion-plugin
1.44
jenkins-cisubversion-plugin
1.45
jenkins-cisubversion-plugin
1.46
jenkins-cisubversion-plugin
1.47
jenkins-cisubversion-plugin
1.48
jenkins-cisubversion-plugin
1.49
jenkins-cisubversion-plugin
1.50
jenkins-cisubversion-plugin
1.51
jenkins-cisubversion-plugin
1.52
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
trusty
dne
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1032391
https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
https://bugzilla.redhat.com/show_bug.cgi?id=1032391
https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20