CVE-2012-6073
EPSS 0.14%Jenkins affected by Open Redirect Vulnerability
發布日:2022/5/14修改日:2025/3/13
描述
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
受影響套件(1)
- Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 1.480.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6073
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-0220.html
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=890608
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- WEBhttp://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
- WEBhttp://www.openwall.com/lists/oss-security/2012/12/28/1