CVE-2013-0158 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.481 <1.498 || >=0 <1.480.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00653 (percentile 0.70008)

Details

Jenkins allows attackers to obtain the master cryptographic key

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

Metadata

Created: 2022-05-05T02:48:30Z
Modified: 2024-03-06T15:23:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jwfr-h6jp-9p2g/GHSA-jwfr-h6jp-9p2g.json
CWE IDs: []
Alternative ID: GHSA-jwfr-h6jp-9p2g
Finding: F038
Auto approve: 1