What is the severity of CVE-2012-6074?

The severity of CVE-2012-6074 is classified as moderate, posing a cross-site scripting (XSS) risk to affected Jenkins versions.

How do I fix CVE-2012-6074?

To fix CVE-2012-6074, upgrade Jenkins to versions 1.491 or later, or the corresponding Jenkins LTS versions that address this vulnerability.

Which Jenkins versions are affected by CVE-2012-6074?

CVE-2012-6074 affects Jenkins versions before 1.491, Jenkins LTS before 1.480.1, and specific Jenkins Enterprise versions indicated in its details.

What are the potential impacts of CVE-2012-6074?

The potential impacts of CVE-2012-6074 include unauthorized script injection, which could lead to data exposure and session hijacking.

Is CVE-2012-6074 a remote exploitation vulnerability?

Yes, CVE-2012-6074 allows remote authenticated users with write access to exploit the vulnerability for injecting arbitrary web scripts or HTML.

Vulnerability/
CVE-2012-6074

low

3.5

CWE

28/12/2012

24/2/2013

6/8/2024

CVE-2012-6074: XSS

First published: Fri Dec 28 2012(Updated: )

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Cloudbees Jenkins	<=1.480.3.1
Jenkins Jenkins	=1.400
Jenkins Jenkins	=1.401
Jenkins Jenkins	=1.402
Jenkins Jenkins	=1.403
Jenkins Jenkins	=1.404
Jenkins Jenkins	=1.405
Jenkins Jenkins	=1.406
Jenkins Jenkins	=1.407
Jenkins Jenkins	=1.408
Jenkins Jenkins	=1.409
Jenkins Jenkins	=1.410
Jenkins Jenkins	=1.411
Jenkins Jenkins	=1.412
Jenkins Jenkins	=1.413
Jenkins Jenkins	=1.414
Jenkins Jenkins	=1.415
Jenkins Jenkins	=1.416
Jenkins Jenkins	=1.417
Jenkins Jenkins	=1.418
Jenkins Jenkins	=1.419
Jenkins Jenkins	=1.420
Jenkins Jenkins	=1.421
Jenkins Jenkins	=1.422
Jenkins Jenkins	=1.423
Jenkins Jenkins	=1.424
Jenkins Jenkins	=1.425
Jenkins Jenkins	=1.426
Jenkins Jenkins	=1.427
Jenkins Jenkins	=1.428
Jenkins Jenkins	=1.429
Jenkins Jenkins	=1.430
Jenkins Jenkins	=1.431
Jenkins Jenkins	=1.432
Jenkins Jenkins	=1.433
Jenkins Jenkins	=1.434
Jenkins Jenkins	=1.435
Jenkins Jenkins	=1.436
Jenkins Jenkins	=1.437
Cloudbees Jenkins	=1.447.1.1
Cloudbees Jenkins	=1.447.2.2
Cloudbees Jenkins	=1.447.3.1
Cloudbees Jenkins	=1.424.0.2
Cloudbees Jenkins	=1.424.0.4
Cloudbees Jenkins	=1.424.1.1
Cloudbees Jenkins	=1.424.2.1
Cloudbees Jenkins	=1.424.4.1
Cloudbees Jenkins	=1.424.5.1
Cloudbees Jenkins	=1.424.6.1
Cloudbees Jenkins	=1.424.6.11
Cloudbees Jenkins	=1.466.1.2
Cloudbees Jenkins	=1.466.2.1
Cloudbees Jenkins	=1.400
Cloudbees Jenkins	=1.424
Cloudbees Jenkins	=1.447
Jenkins Jenkins	<=1.466.2
Jenkins Jenkins	=1.409.1
Jenkins Jenkins	=1.409.2
Jenkins Jenkins	=1.409.3
Jenkins Jenkins	=1.424.1
Jenkins Jenkins	=1.424.2
Jenkins Jenkins	=1.424.3
Jenkins Jenkins	=1.424.4
Jenkins Jenkins	=1.424.5
Jenkins Jenkins	=1.424.6
Jenkins Jenkins	=1.447.1
Jenkins Jenkins	=1.447.2
Jenkins Jenkins	=1.466.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6074?
The severity of CVE-2012-6074 is classified as moderate, posing a cross-site scripting (XSS) risk to affected Jenkins versions.
How do I fix CVE-2012-6074?
To fix CVE-2012-6074, upgrade Jenkins to versions 1.491 or later, or the corresponding Jenkins LTS versions that address this vulnerability.
Which Jenkins versions are affected by CVE-2012-6074?
CVE-2012-6074 affects Jenkins versions before 1.491, Jenkins LTS before 1.480.1, and specific Jenkins Enterprise versions indicated in its details.
What are the potential impacts of CVE-2012-6074?
The potential impacts of CVE-2012-6074 include unauthorized script injection, which could lead to data exposure and session hijacking.
Is CVE-2012-6074 a remote exploitation vulnerability?
Yes, CVE-2012-6074 allows remote authenticated users with write access to exploit the vulnerability for injecting arbitrary web scripts or HTML.

collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6074
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/event
agent/description
agent/trending
agent/tags
agent/source
vendor/cloudbees
canonical/cloudbees jenkins
version/cloudbees jenkins/1.480.3.1
vendor/jenkins
canonical/jenkins jenkins
version/jenkins jenkins/1.400
version/jenkins jenkins/1.401
version/jenkins jenkins/1.402
version/jenkins jenkins/1.403
version/jenkins jenkins/1.404
version/jenkins jenkins/1.405
version/jenkins jenkins/1.406
version/jenkins jenkins/1.407
version/jenkins jenkins/1.408
version/jenkins jenkins/1.409
version/jenkins jenkins/1.410
version/jenkins jenkins/1.411
version/jenkins jenkins/1.412
version/jenkins jenkins/1.413
version/jenkins jenkins/1.414
version/jenkins jenkins/1.415
version/jenkins jenkins/1.416
version/jenkins jenkins/1.417
version/jenkins jenkins/1.418
version/jenkins jenkins/1.419
version/jenkins jenkins/1.420
version/jenkins jenkins/1.421
version/jenkins jenkins/1.422
version/jenkins jenkins/1.423
version/jenkins jenkins/1.424
version/jenkins jenkins/1.425
version/jenkins jenkins/1.426
version/jenkins jenkins/1.427
version/jenkins jenkins/1.428
version/jenkins jenkins/1.429
version/jenkins jenkins/1.430
version/jenkins jenkins/1.431
version/jenkins jenkins/1.432
version/jenkins jenkins/1.433
version/jenkins jenkins/1.434
version/jenkins jenkins/1.435
version/jenkins jenkins/1.436
version/jenkins jenkins/1.437
version/cloudbees jenkins/1.447.1.1
version/cloudbees jenkins/1.447.2.2
version/cloudbees jenkins/1.447.3.1
version/cloudbees jenkins/1.424.0.2
version/cloudbees jenkins/1.424.0.4
version/cloudbees jenkins/1.424.1.1
version/cloudbees jenkins/1.424.2.1
version/cloudbees jenkins/1.424.4.1
version/cloudbees jenkins/1.424.5.1
version/cloudbees jenkins/1.424.6.1
version/cloudbees jenkins/1.424.6.11
version/cloudbees jenkins/1.466.1.2
version/cloudbees jenkins/1.466.2.1
version/cloudbees jenkins/1.400
version/cloudbees jenkins/1.424
version/cloudbees jenkins/1.447
version/jenkins jenkins/1.466.2
version/jenkins jenkins/1.409.1
version/jenkins jenkins/1.409.2
version/jenkins jenkins/1.409.3
version/jenkins jenkins/1.424.1
version/jenkins jenkins/1.424.2
version/jenkins jenkins/1.424.3
version/jenkins jenkins/1.424.4
version/jenkins jenkins/1.424.5
version/jenkins jenkins/1.424.6
version/jenkins jenkins/1.447.1
version/jenkins jenkins/1.447.2
version/jenkins jenkins/1.466.1

CVE-2012-6074: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6074?

How do I fix CVE-2012-6074?

Which Jenkins versions are affected by CVE-2012-6074?

What are the potential impacts of CVE-2012-6074?

Is CVE-2012-6074 a remote exploitation vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-6074?

How do I fix CVE-2012-6074?

Which Jenkins versions are affected by CVE-2012-6074?

What are the potential impacts of CVE-2012-6074?

Is CVE-2012-6074 a remote exploitation vulnerability?