CVE-2012-6073 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.480.1 || >=1.481 <1.491

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0026 (percentile: 0.49138)

Details

Jenkins affected by Open Redirect Vulnerability

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Metadata

Created: 2022-05-14T02:13:37Z
Modified: 2025-03-13T17:56:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mqgf-4rw4-2cq2/GHSA-mqgf-4rw4-2cq2.json
CWE IDs: ["CWE-20", "CWE-601"]
Alternative ID: GHSA-mqgf-4rw4-2cq2
Finding: F156
Auto approve: 1