CVE-2013-6372 – org.jenkins-ci.plugins:subversion

Package

Manager: maven
Name: org.jenkins-ci.plugins:subversion
Vulnerable Version: >=0 <1.54

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00061 pctl0.19353

Details

Jenkins Subversion Plugin Stores Credentials with Base64 Encoding The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

Metadata

Created: 2022-05-17T04:44:32Z
Modified: 2025-03-13T19:18:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c4fr-gx5w-8qf2/GHSA-c4fr-gx5w-8qf2.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-c4fr-gx5w-8qf2
Finding: F052
Auto approve: 1