Strix
26.1K

CVE-2012-0324

UnknownEPSS 1.14%

Last modified

CVE-2012-0324 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.. EPSS estimates a 1.14% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.

Metrics

EPSS Probability
1.14%

62.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CloudbeesJenkins1.400
CloudbeesJenkins1.400.0.12
CloudbeesJenkins1.424
CloudbeesJenkins1.424.5
CloudbeesJenkins<= 1.453
JenkinsJenkins1.301
JenkinsJenkins1.302
JenkinsJenkins1.303
JenkinsJenkins1.304
JenkinsJenkins1.305
JenkinsJenkins1.306
JenkinsJenkins1.307
JenkinsJenkins1.308
JenkinsJenkins1.309
JenkinsJenkins1.310
JenkinsJenkins1.311
JenkinsJenkins1.312
JenkinsJenkins1.313
JenkinsJenkins1.314
JenkinsJenkins1.315
JenkinsJenkins1.316
JenkinsJenkins1.317
JenkinsJenkins1.318
JenkinsJenkins1.319
JenkinsJenkins1.320
JenkinsJenkins1.321
JenkinsJenkins1.322
JenkinsJenkins1.323
JenkinsJenkins1.324
JenkinsJenkins1.325
JenkinsJenkins1.326
JenkinsJenkins1.327
JenkinsJenkins1.328
JenkinsJenkins1.329
JenkinsJenkins1.330
JenkinsJenkins1.331
JenkinsJenkins1.332
JenkinsJenkins1.333
JenkinsJenkins1.334
JenkinsJenkins1.335
JenkinsJenkins1.336
JenkinsJenkins1.337
JenkinsJenkins1.338
JenkinsJenkins1.339
JenkinsJenkins1.340
JenkinsJenkins1.341
JenkinsJenkins1.342
JenkinsJenkins1.343
JenkinsJenkins1.344
JenkinsJenkins1.345

Showing 50 of 142 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-0324?
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
How severe is CVE-2012-0324?
Severity scoring for CVE-2012-0324 is pending analysis. The EPSS model estimates a 1.14% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0324?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0324?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST