What is the severity of CVE-2012-6073?

CVE-2012-6073 is classified as a medium severity open redirect vulnerability.

How do I fix CVE-2012-6073?

To fix CVE-2012-6073, update Jenkins to a version that addresses the open redirect issue.

Which versions of Jenkins are affected by CVE-2012-6073?

CVE-2012-6073 affects multiple versions of Jenkins including 1.400 through 1.466.2.

Can CVE-2012-6073 allow an attacker to redirect to malicious sites?

Yes, CVE-2012-6073 allows attackers to craft URLs that redirect users to potentially harmful sites.

Is there a workaround for CVE-2012-6073 if I cannot update Jenkins?

A recommended workaround for CVE-2012-6073 is to disable features in Jenkins that utilize URL redirection.

Vulnerability/
CVE-2012-6073

medium

5.8

CWE

28/12/2012

24/2/2013

6/8/2024

CVE-2012-6073: Input Validation

First published: Fri Dec 28 2012(Updated: )

Jenkins Security Advisory 2012-11-20 The second vulnerability is so-called open redirect vulnerability. This allows an anonymous attacker to create an URL that looks as if it's pointing to Jenkins, yet it actually lands on the site that the attacker controls. This can be therefore used as a basis for phishing. Fix: Main line users should upgrade to Jenkins 1.491 LTS users should upgrade to 1.480.1 External URLs: <a href="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20">https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20</a> <a href="http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb">http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Cloudbees Jenkins	=1.447.1.1
Cloudbees Jenkins	=1.447.2.2
Cloudbees Jenkins	=1.447.3.1
Cloudbees Jenkins	=1.400
Cloudbees Jenkins	=1.424
Cloudbees Jenkins	=1.447
Jenkins Jenkins	<=1.466.2
Jenkins Jenkins	=1.409.1
Jenkins Jenkins	=1.409.2
Jenkins Jenkins	=1.409.3
Jenkins Jenkins	=1.424.1
Jenkins Jenkins	=1.424.2
Jenkins Jenkins	=1.424.3
Jenkins Jenkins	=1.424.4
Jenkins Jenkins	=1.424.5
Jenkins Jenkins	=1.424.6
Jenkins Jenkins	=1.447.1
Jenkins Jenkins	=1.447.2
Jenkins Jenkins	=1.466.1
Cloudbees Jenkins	=1.424.0.2
Cloudbees Jenkins	=1.424.0.4
Cloudbees Jenkins	=1.424.1.1
Cloudbees Jenkins	=1.424.2.1
Cloudbees Jenkins	=1.424.4.1
Cloudbees Jenkins	=1.424.5.1
Cloudbees Jenkins	=1.424.6.1
Cloudbees Jenkins	=1.424.6.11
Cloudbees Jenkins	<=1.480.3.1
Jenkins Jenkins	=1.400
Jenkins Jenkins	=1.401
Jenkins Jenkins	=1.402
Jenkins Jenkins	=1.403
Jenkins Jenkins	=1.404
Jenkins Jenkins	=1.405
Jenkins Jenkins	=1.406
Jenkins Jenkins	=1.407
Jenkins Jenkins	=1.408
Jenkins Jenkins	=1.409
Jenkins Jenkins	=1.410
Jenkins Jenkins	=1.411
Jenkins Jenkins	=1.412
Jenkins Jenkins	=1.413
Jenkins Jenkins	=1.414
Jenkins Jenkins	=1.415
Jenkins Jenkins	=1.416
Jenkins Jenkins	=1.417
Jenkins Jenkins	=1.418
Jenkins Jenkins	=1.419
Jenkins Jenkins	=1.420
Jenkins Jenkins	=1.421
Jenkins Jenkins	=1.422
Jenkins Jenkins	=1.423
Jenkins Jenkins	=1.424
Jenkins Jenkins	=1.425
Jenkins Jenkins	=1.426
Jenkins Jenkins	=1.427
Jenkins Jenkins	=1.428
Jenkins Jenkins	=1.429
Jenkins Jenkins	=1.430
Jenkins Jenkins	=1.431
Jenkins Jenkins	=1.432
Jenkins Jenkins	=1.433
Jenkins Jenkins	=1.434
Jenkins Jenkins	=1.435
Jenkins Jenkins	=1.436
Jenkins Jenkins	=1.437
Cloudbees Jenkins	=1.466.1.2
Cloudbees Jenkins	=1.466.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6073?
CVE-2012-6073 is classified as a medium severity open redirect vulnerability.
How do I fix CVE-2012-6073?
To fix CVE-2012-6073, update Jenkins to a version that addresses the open redirect issue.
Which versions of Jenkins are affected by CVE-2012-6073?
CVE-2012-6073 affects multiple versions of Jenkins including 1.400 through 1.466.2.
Can CVE-2012-6073 allow an attacker to redirect to malicious sites?
Yes, CVE-2012-6073 allows attackers to craft URLs that redirect users to potentially harmful sites.
Is there a workaround for CVE-2012-6073 if I cannot update Jenkins?
A recommended workaround for CVE-2012-6073 is to disable features in Jenkins that utilize URL redirection.

collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6073
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/event
agent/description
agent/trending
agent/tags
agent/source
vendor/cloudbees
canonical/cloudbees jenkins
version/cloudbees jenkins/1.447.1.1
version/cloudbees jenkins/1.447.2.2
version/cloudbees jenkins/1.447.3.1
version/cloudbees jenkins/1.400
version/cloudbees jenkins/1.424
version/cloudbees jenkins/1.447
vendor/jenkins
canonical/jenkins jenkins
version/jenkins jenkins/1.466.2
version/jenkins jenkins/1.409.1
version/jenkins jenkins/1.409.2
version/jenkins jenkins/1.409.3
version/jenkins jenkins/1.424.1
version/jenkins jenkins/1.424.2
version/jenkins jenkins/1.424.3
version/jenkins jenkins/1.424.4
version/jenkins jenkins/1.424.5
version/jenkins jenkins/1.424.6
version/jenkins jenkins/1.447.1
version/jenkins jenkins/1.447.2
version/jenkins jenkins/1.466.1
version/cloudbees jenkins/1.424.0.2
version/cloudbees jenkins/1.424.0.4
version/cloudbees jenkins/1.424.1.1
version/cloudbees jenkins/1.424.2.1
version/cloudbees jenkins/1.424.4.1
version/cloudbees jenkins/1.424.5.1
version/cloudbees jenkins/1.424.6.1
version/cloudbees jenkins/1.424.6.11
version/cloudbees jenkins/1.480.3.1
version/jenkins jenkins/1.400
version/jenkins jenkins/1.401
version/jenkins jenkins/1.402
version/jenkins jenkins/1.403
version/jenkins jenkins/1.404
version/jenkins jenkins/1.405
version/jenkins jenkins/1.406
version/jenkins jenkins/1.407
version/jenkins jenkins/1.408
version/jenkins jenkins/1.409
version/jenkins jenkins/1.410
version/jenkins jenkins/1.411
version/jenkins jenkins/1.412
version/jenkins jenkins/1.413
version/jenkins jenkins/1.414
version/jenkins jenkins/1.415
version/jenkins jenkins/1.416
version/jenkins jenkins/1.417
version/jenkins jenkins/1.418
version/jenkins jenkins/1.419
version/jenkins jenkins/1.420
version/jenkins jenkins/1.421
version/jenkins jenkins/1.422
version/jenkins jenkins/1.423
version/jenkins jenkins/1.424
version/jenkins jenkins/1.425
version/jenkins jenkins/1.426
version/jenkins jenkins/1.427
version/jenkins jenkins/1.428
version/jenkins jenkins/1.429
version/jenkins jenkins/1.430
version/jenkins jenkins/1.431
version/jenkins jenkins/1.432
version/jenkins jenkins/1.433
version/jenkins jenkins/1.434
version/jenkins jenkins/1.435
version/jenkins jenkins/1.436
version/jenkins jenkins/1.437
version/cloudbees jenkins/1.466.1.2
version/cloudbees jenkins/1.466.2.1

CVE-2012-6073: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6073?

How do I fix CVE-2012-6073?

Which versions of Jenkins are affected by CVE-2012-6073?

Can CVE-2012-6073 allow an attacker to redirect to malicious sites?

Is there a workaround for CVE-2012-6073 if I cannot update Jenkins?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-6073?

How do I fix CVE-2012-6073?

Which versions of Jenkins are affected by CVE-2012-6073?

Can CVE-2012-6073 allow an attacker to redirect to malicious sites?

Is there a workaround for CVE-2012-6073 if I cannot update Jenkins?