CVE-2013-0158
EXPLOITED
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Title source: llm
Exploitation Summary
CVE-2013-0158 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
References (10)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0220.html
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/01/07/4
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=892795
Vendor Advisory x_refsource_confirm
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
Scores
EPSS
0.0245
EPSS Percentile
82.3%
Details
VulnCheck KEV
2013-03-14
Status
published
Products (50)
cloudbees/jenkins
1.466.1.2
cloudbees/jenkins
1.466.2.1
cloudbees/jenkins
1.400
cloudbees/jenkins
1.424
cloudbees/jenkins
1.447
cloudbees/jenkins
1.447.1.1
cloudbees/jenkins
1.447.2.2
cloudbees/jenkins
1.447.3.1
cloudbees/jenkins
< 1.480.3.1
jenkins/jenkins
1.400
... and 40 more
Published
Feb 24, 2013
Tracked Since
Feb 18, 2026