Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qd2ZyLWg2anAtOXAyZ83iFw
Jenkins allows attackers to obtain the master cryptographic key
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
Permalink: https://github.com/advisories/GHSA-jwfr-h6jp-9p2g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qd2ZyLWg2anAtOXAyZ83iFw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 2 months ago
Identifiers: GHSA-jwfr-h6jp-9p2g, CVE-2013-0158
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-0158
- https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
- https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
- https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
- https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
- https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
- https://bugzilla.redhat.com/show_bug.cgi?id=892795
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
- http://www.openwall.com/lists/oss-security/2013/01/07/4
- https://github.com/jenkinsci/jenkins/commit/48ecccc1669f325acf72953923f9d9620b2590e3
- https://github.com/jenkinsci/jenkins/commit/56e4b6e287046e4ad2a02f8bd70225a86e74bd34
- https://github.com/jenkinsci/jenkins/commit/7983ae3baea779df18862623d594744b8d285392
- https://github.com/jenkinsci/jenkins/commit/9fb6c2ca0c73b43cc2e6d08c09707ee67005e526
- https://github.com/jenkinsci/jenkins/commit/a411b0c3b32eb314d5a26b64de1b3d5db2760443
- https://github.com/jenkinsci/jenkins/commit/e401c7cfe7b28b6ff9d0893e89c2568596b96915
- https://github.com/advisories/GHSA-jwfr-h6jp-9p2g
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: < 1.480.2, >= 1.481, < 1.498
Fixed in: 1.480.2, 1.498