CVE-2013-0330

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-0638.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/02/21/7
http://www.securityfocus.com/bid/57994
https://bugzilla.redhat.com/show_bug.cgi?id=914878
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-03-19 14:55

Updated : 2016-06-13 23:24

NVD link : CVE-2013-0330

Mitre link : CVE-2013-0330

CVE.ORG link : CVE-2013-0330

JSON object : View

Products Affected

jenkins

jenkins

CWE

NVD-CWE-noinfo

{"id": "CVE-2013-0330", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-19T14:55:02.833", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html", "source": "secalert@redhat.com"}, {"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/57994", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878", "source": "secalert@redhat.com"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura construir trabajos arbitrarios a trav\u00e9s de vectores de ataque desconocidos."}], "lastModified": "2016-06-13T23:24:06.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "BE5658A1-4CC2-4F73-BBD9-63B7A82CD78C", "versionEndIncluding": "1.480.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5815F006-F668-40CD-B26C-AF3F9AD2C7F9", "versionEndIncluding": "1.501"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}