CVE-2012-6074: XSS
First published: Fri Dec 28 2012(Updated: )
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins | <=1.480.3.1 | |
| Jenkins LTS | =1.400 | |
| Jenkins LTS | =1.401 | |
| Jenkins LTS | =1.402 | |
| Jenkins LTS | =1.403 | |
| Jenkins LTS | =1.404 | |
| Jenkins LTS | =1.405 | |
| Jenkins LTS | =1.406 | |
| Jenkins LTS | =1.407 | |
| Jenkins LTS | =1.408 | |
| Jenkins LTS | =1.409 | |
| Jenkins LTS | =1.410 | |
| Jenkins LTS | =1.411 | |
| Jenkins LTS | =1.412 | |
| Jenkins LTS | =1.413 | |
| Jenkins LTS | =1.414 | |
| Jenkins LTS | =1.415 | |
| Jenkins LTS | =1.416 | |
| Jenkins LTS | =1.417 | |
| Jenkins LTS | =1.418 | |
| Jenkins LTS | =1.419 | |
| Jenkins LTS | =1.420 | |
| Jenkins LTS | =1.421 | |
| Jenkins LTS | =1.422 | |
| Jenkins LTS | =1.423 | |
| Jenkins LTS | =1.424 | |
| Jenkins LTS | =1.425 | |
| Jenkins LTS | =1.426 | |
| Jenkins LTS | =1.427 | |
| Jenkins LTS | =1.428 | |
| Jenkins LTS | =1.429 | |
| Jenkins LTS | =1.430 | |
| Jenkins LTS | =1.431 | |
| Jenkins LTS | =1.432 | |
| Jenkins LTS | =1.433 | |
| Jenkins LTS | =1.434 | |
| Jenkins LTS | =1.435 | |
| Jenkins LTS | =1.436 | |
| Jenkins LTS | =1.437 | |
| Jenkins | =1.447.1.1 | |
| Jenkins | =1.447.2.2 | |
| Jenkins | =1.447.3.1 | |
| Jenkins | =1.424.0.2 | |
| Jenkins | =1.424.0.4 | |
| Jenkins | =1.424.1.1 | |
| Jenkins | =1.424.2.1 | |
| Jenkins | =1.424.4.1 | |
| Jenkins | =1.424.5.1 | |
| Jenkins | =1.424.6.1 | |
| Jenkins | =1.424.6.11 | |
| Jenkins | =1.466.1.2 | |
| Jenkins | =1.466.2.1 | |
| Jenkins | =1.400 | |
| Jenkins | =1.424 | |
| Jenkins | =1.447 | |
| Jenkins LTS | <=1.466.2 | |
| Jenkins LTS | =1.409.1 | |
| Jenkins LTS | =1.409.2 | |
| Jenkins LTS | =1.409.3 | |
| Jenkins LTS | =1.424.1 | |
| Jenkins LTS | =1.424.2 | |
| Jenkins LTS | =1.424.3 | |
| Jenkins LTS | =1.424.4 | |
| Jenkins LTS | =1.424.5 | |
| Jenkins LTS | =1.424.6 | |
| Jenkins LTS | =1.447.1 | |
| Jenkins LTS | =1.447.2 | |
| Jenkins LTS | =1.466.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
- http://www.openwall.com/lists/oss-security/2012/12/28/1
- https://bugzilla.redhat.com/show_bug.cgi?id=890612
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
Frequently Asked Questions
What is the severity of CVE-2012-6074?
The severity of CVE-2012-6074 is classified as moderate, posing a cross-site scripting (XSS) risk to affected Jenkins versions.
How do I fix CVE-2012-6074?
To fix CVE-2012-6074, upgrade Jenkins to versions 1.491 or later, or the corresponding Jenkins LTS versions that address this vulnerability.
Which Jenkins versions are affected by CVE-2012-6074?
CVE-2012-6074 affects Jenkins versions before 1.491, Jenkins LTS before 1.480.1, and specific Jenkins Enterprise versions indicated in its details.
What are the potential impacts of CVE-2012-6074?
The potential impacts of CVE-2012-6074 include unauthorized script injection, which could lead to data exposure and session hijacking.
Is CVE-2012-6074 a remote exploitation vulnerability?
Yes, CVE-2012-6074 allows remote authenticated users with write access to exploit the vulnerability for injecting arbitrary web scripts or HTML.
- agent/type
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6074
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudbees
- canonical/jenkins
- version/jenkins/1.480.3.1
- vendor/jenkins
- canonical/jenkins lts
- version/jenkins lts/1.400
- version/jenkins lts/1.401
- version/jenkins lts/1.402
- version/jenkins lts/1.403
- version/jenkins lts/1.404
- version/jenkins lts/1.405
- version/jenkins lts/1.406
- version/jenkins lts/1.407
- version/jenkins lts/1.408
- version/jenkins lts/1.409
- version/jenkins lts/1.410
- version/jenkins lts/1.411
- version/jenkins lts/1.412
- version/jenkins lts/1.413
- version/jenkins lts/1.414
- version/jenkins lts/1.415
- version/jenkins lts/1.416
- version/jenkins lts/1.417
- version/jenkins lts/1.418
- version/jenkins lts/1.419
- version/jenkins lts/1.420
- version/jenkins lts/1.421
- version/jenkins lts/1.422
- version/jenkins lts/1.423
- version/jenkins lts/1.424
- version/jenkins lts/1.425
- version/jenkins lts/1.426
- version/jenkins lts/1.427
- version/jenkins lts/1.428
- version/jenkins lts/1.429
- version/jenkins lts/1.430
- version/jenkins lts/1.431
- version/jenkins lts/1.432
- version/jenkins lts/1.433
- version/jenkins lts/1.434
- version/jenkins lts/1.435
- version/jenkins lts/1.436
- version/jenkins lts/1.437
- version/jenkins/1.447.1.1
- version/jenkins/1.447.2.2
- version/jenkins/1.447.3.1
- version/jenkins/1.424.0.2
- version/jenkins/1.424.0.4
- version/jenkins/1.424.1.1
- version/jenkins/1.424.2.1
- version/jenkins/1.424.4.1
- version/jenkins/1.424.5.1
- version/jenkins/1.424.6.1
- version/jenkins/1.424.6.11
- version/jenkins/1.466.1.2
- version/jenkins/1.466.2.1
- version/jenkins/1.400
- version/jenkins/1.424
- version/jenkins/1.447
- version/jenkins lts/1.466.2
- version/jenkins lts/1.409.1
- version/jenkins lts/1.409.2
- version/jenkins lts/1.409.3
- version/jenkins lts/1.424.1
- version/jenkins lts/1.424.2
- version/jenkins lts/1.424.3
- version/jenkins lts/1.424.4
- version/jenkins lts/1.424.5
- version/jenkins lts/1.424.6
- version/jenkins lts/1.447.1
- version/jenkins lts/1.447.2
- version/jenkins lts/1.466.1