CVE-2012-6074

Cloudbees Jenkins < 1.480.3.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

References (5)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0220.html

[Various Sources] http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

[Vendor Advisory] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

[Mailing List] http://www.openwall.com/lists/oss-security/2012/12/28/1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=890612

Scores

EPSS 0.0022

EPSS Percentile 45.0%

Details

CWE

CWE-79

Status published

Products (50)

cloudbees/jenkins < 1.480.3.1

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

jenkins/jenkins

... and 40 more

Published Feb 24, 2013

Tracked Since Feb 18, 2026