CVE-2013-0330

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
http://www.securityfocus.com/bid/57994
http://rhn.redhat.com/errata/RHSA-2013-0638.html
https://bugzilla.redhat.com/show_bug.cgi?id=914878
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/02/21/7

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Information

Published : 2013-03-19 14:55

Updated : 2016-06-13 23:24

NVD link : CVE-2013-0330

Mitre link : CVE-2013-0330

JSON object : View

Products Affected

jenkins

jenkins

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/57994", "name": "57994", "tags": [], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html", "name": "RHSA-2013:0638", "tags": [], "refsource": "REDHAT"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914878", "tags": [], "refsource": "MISC"}, {"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7", "name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0330", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-03-19T14:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.480.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.501"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-06-13T23:24Z"}