Main Vulnerability Database Vulnerabilities #VU43055

#VU43055 Input validation error in Jenkins - CVE-2012-6072

Published: February 25, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU43055

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-6072

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Jenkins

Software vendor:
Jenkins

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
https://bugzilla.redhat.com/show_bug.cgi?id=890607
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20