Vulnerability Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudbees | Jenkins | <= 1.480.3.1 |
| Jenkins | Jenkins | 1.400 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.c
- http://www.openwall.com/lists/oss-security/2012/12/28/1
- https://bugzilla.redhat.com/show_bug.cgi?id=890612
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-2Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.c
- http://www.openwall.com/lists/oss-security/2012/12/28/1
- https://bugzilla.redhat.com/show_bug.cgi?id=890612
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-2Vendor Advisory
FAQ
What is CVE-2012-6074?
CVE-2012-6074 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 ...
How severe is CVE-2012-6074?
CVE-2012-6074 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6074?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudbees Jenkins, Jenkins Jenkins.