National Vulnerability Database

CVE-2012-0325 Detail

Current Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

Source:  MITRE

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools

Hyperlink (Resource)
http://jvn.jp/en/jp/JVN79950061/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb (Vendor Advisory)
http://www.securityfocus.com/bid/52384

Technical Details

Vulnerability Type

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Known Affected Software Configurations

Configuration 1
 cpe:/a:cloudbees:jenkins (up to and including 1.453)
 cpe:/a:jenkins:jenkins:1.301
 cpe:/a:jenkins:jenkins:1.302
 cpe:/a:jenkins:jenkins:1.303
 cpe:/a:jenkins:jenkins:1.304
 cpe:/a:jenkins:jenkins:1.305
 cpe:/a:jenkins:jenkins:1.306
 cpe:/a:jenkins:jenkins:1.307
 cpe:/a:jenkins:jenkins:1.308
 cpe:/a:jenkins:jenkins:1.309
 cpe:/a:jenkins:jenkins:1.310
 cpe:/a:jenkins:jenkins:1.311
 cpe:/a:jenkins:jenkins:1.312
 cpe:/a:jenkins:jenkins:1.313
 cpe:/a:jenkins:jenkins:1.314
 cpe:/a:jenkins:jenkins:1.315
 cpe:/a:jenkins:jenkins:1.316
 cpe:/a:jenkins:jenkins:1.317
 cpe:/a:jenkins:jenkins:1.318
 cpe:/a:jenkins:jenkins:1.319
 cpe:/a:jenkins:jenkins:1.320
 cpe:/a:jenkins:jenkins:1.321
 cpe:/a:jenkins:jenkins:1.322
 cpe:/a:jenkins:jenkins:1.323
 cpe:/a:jenkins:jenkins:1.324
 cpe:/a:jenkins:jenkins:1.325
 cpe:/a:jenkins:jenkins:1.326
 cpe:/a:jenkins:jenkins:1.327
 cpe:/a:jenkins:jenkins:1.328
 cpe:/a:jenkins:jenkins:1.329
 cpe:/a:jenkins:jenkins:1.330
 cpe:/a:jenkins:jenkins:1.331
 cpe:/a:jenkins:jenkins:1.332
 cpe:/a:jenkins:jenkins:1.333
 cpe:/a:jenkins:jenkins:1.334
 cpe:/a:jenkins:jenkins:1.335
 cpe:/a:jenkins:jenkins:1.336
 cpe:/a:jenkins:jenkins:1.337
 cpe:/a:jenkins:jenkins:1.338
 cpe:/a:jenkins:jenkins:1.339
 cpe:/a:jenkins:jenkins:1.340
 cpe:/a:jenkins:jenkins:1.341
 cpe:/a:jenkins:jenkins:1.342
 cpe:/a:jenkins:jenkins:1.343
 cpe:/a:jenkins:jenkins:1.344
 cpe:/a:jenkins:jenkins:1.345
 cpe:/a:jenkins:jenkins:1.346
 cpe:/a:jenkins:jenkins:1.347
 cpe:/a:jenkins:jenkins:1.348
 cpe:/a:jenkins:jenkins:1.349
 cpe:/a:jenkins:jenkins:1.350
 cpe:/a:jenkins:jenkins:1.351
 cpe:/a:jenkins:jenkins:1.352
 cpe:/a:jenkins:jenkins:1.353
 cpe:/a:jenkins:jenkins:1.354
 cpe:/a:jenkins:jenkins:1.355
 cpe:/a:jenkins:jenkins:1.356
 cpe:/a:jenkins:jenkins:1.357
 cpe:/a:jenkins:jenkins:1.358
 cpe:/a:jenkins:jenkins:1.359
 cpe:/a:jenkins:jenkins:1.360
 cpe:/a:jenkins:jenkins:1.361
 cpe:/a:jenkins:jenkins:1.362
 cpe:/a:jenkins:jenkins:1.363
 cpe:/a:jenkins:jenkins:1.364
 cpe:/a:jenkins:jenkins:1.365
 cpe:/a:jenkins:jenkins:1.366
 cpe:/a:jenkins:jenkins:1.367
 cpe:/a:jenkins:jenkins:1.368
 cpe:/a:jenkins:jenkins:1.369
 cpe:/a:jenkins:jenkins:1.370
 cpe:/a:jenkins:jenkins:1.371
 cpe:/a:jenkins:jenkins:1.372
 cpe:/a:jenkins:jenkins:1.373
 cpe:/a:jenkins:jenkins:1.374
 cpe:/a:jenkins:jenkins:1.375
 cpe:/a:jenkins:jenkins:1.376
 cpe:/a:jenkins:jenkins:1.377
 cpe:/a:jenkins:jenkins:1.378
 cpe:/a:jenkins:jenkins:1.379
 cpe:/a:jenkins:jenkins:1.380
 cpe:/a:jenkins:jenkins:1.382
 cpe:/a:jenkins:jenkins:1.383
 cpe:/a:jenkins:jenkins:1.384
 cpe:/a:jenkins:jenkins:1.386
 cpe:/a:jenkins:jenkins:1.387
 cpe:/a:jenkins:jenkins:1.388
 cpe:/a:jenkins:jenkins:1.389
 cpe:/a:jenkins:jenkins:1.390
 cpe:/a:jenkins:jenkins:1.391
 cpe:/a:jenkins:jenkins:1.392
 cpe:/a:jenkins:jenkins:1.393
 cpe:/a:jenkins:jenkins:1.394
 cpe:/a:jenkins:jenkins:1.395
 cpe:/a:jenkins:jenkins:1.396
 cpe:/a:jenkins:jenkins:1.397
 cpe:/a:jenkins:jenkins:1.398
 cpe:/a:jenkins:jenkins:1.399
 cpe:/a:jenkins:jenkins:1.400
 cpe:/a:jenkins:jenkins:1.401
 cpe:/a:jenkins:jenkins:1.402

Configuration 2

Configuration 3

Showing 100 of 144 CPEs.

Change History

142 change records found

Quick Info

CVE Dictionary Entry: CVE-2012-0325
NVD Published Date: 03/09/2012
NVD Last Modified: 10/30/2018