CVE-2013-6372

{"id": "CVE-2013-6372", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-08T14:29:11.940", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391", "source": "secalert@redhat.com"}, {"url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file."}, {"lang": "es", "value": "El plugin Subversion anterior a 1.54 para Jenkins almacena credenciales utilizando codificaci\u00f3n base64, lo que permite a usuarios locales obtener contrase\u00f1as y claves privadas SSH mediante la lectura de un archivo subversion.credentials."}], "lastModified": "2024-11-21T01:59:05.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A0C3967-1BE4-4EC0-802A-B98BAB066CAF", "versionEndIncluding": "1.53"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC1BA0A-4F44-41CB-BE3D-86585343A996"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42130246-75B1-47A2-B712-1896519E0615"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADB4F6BB-5C75-43FB-AAD6-948A499BE9D5"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93379312-B9F0-4CD6-8E75-6D21EDBA1494"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A34AB1-C2CC-46B4-BD0A-847341D38412"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C80B65A-FA53-4ACA-A1F6-61FAABA803F0"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28330AB-CC93-460D-B984-1D0F77BB2545"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C68E121B-9509-46D8-A6B1-B38AA5BADA58"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2BDADED-2AE4-4833-8B72-033C2C09783E"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D7FF31F-0A0F-4925-9633-90E3E96EEC00"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC0D710-CDBF-45C3-AE8D-48E360A3B03E"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B62C0E6E-F258-4E78-A37B-0AF45B73D239"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6792C3D-80B6-40D4-B004-BF79A306BFBC"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "636C17AE-0147-4E82-843C-2974A0EF39C4"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FC4FDC-92DE-45C9-8027-B6C69A02DEB9"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E470E8EB-A2D7-4986-8F68-D35FD4545BAC"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7AD55CE-BE53-40B8-B3D9-31767D4B336E"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91FAD18-0CA2-4B57-A879-870BBFD07A03"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07CB2DDF-2FD1-4715-8AEB-4E909012E193"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "118D6413-7BDE-496A-8161-79C5A65288E8"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A6F19E-0825-43B4-B890-550EED3FB115"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73C5933-58A7-4671-B134-DCFAFBA77AEC"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12EC1524-3A67-4154-AAB6-49EC725F132F"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33D3CC94-8466-497F-AEC2-039D4381D1B0"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A56D5604-CBC6-4861-9254-25FC48947EAD"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F200895-2A69-44E4-9B74-63E1412FDD4D"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2EE14E-147B-4FB2-904B-D0A68DE6F977"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B2328A-AB2D-488C-957E-49E44C844F2D"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A550AEFB-C037-4E81-B2B4-1439D25A3C35"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C503ABFA-363E-4A9A-B972-5FB343A99BD6"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5409FB8-67F2-4D4E-AEA3-C73063076F20"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB9F89E5-5979-4E33-BD77-96E86CA7FE6B"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76273F68-0A17-408E-92AF-E7314697A6C3"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD2EE5D6-2941-46CA-880B-AD0BA83F7D74"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7E6CDD-4D4F-465B-867A-D8B39D2785FB"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200DD105-C201-4FCA-BA53-4206A1A4832D"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FE2921-48B3-4542-8103-9C33FADFEB22"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4921E1A-FC86-47EC-BDDC-60E502C03B01"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3739D57-F82D-4A91-8FE6-266ADBF1DE97"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "796A7271-9C54-4E42-B447-29E4E16D21C2"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3D5A37E-CD16-4247-9312-54B6431869CA"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8D20BE-9728-4683-A139-B731BEB58CAB"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06787176-AF45-41D8-B6A6-B38DCCAD223C"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5C620E-D15E-4E90-B8D5-C88105676DEA"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D66176AA-0758-425E-AE20-BCBB6EDD5E27"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900F382D-20B0-4346-90AE-CFA44CBC9571"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63FEEF4B-BE5E-4C82-998A-D3CC50B903A7"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3DAA19C-49C9-45F8-8341-90FA703B154F"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74879497-35C7-49C1-A6ED-8A9B759A2FC8"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBDC2FC4-A7E0-4843-A5E2-E266E66A1F64"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E8C4807-C0A5-437E-A0E2-10A6768918E7"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "074EB173-1F65-4203-90AA-0164C2C32E56"}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F81CAB-203F-4625-833A-46302CBCE2F5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}