Strix
26.1K

CVE-2012-6074

UnknownEPSS 1.41%

Last modified

CVE-2012-6074 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.. EPSS estimates a 1.41% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Metrics

EPSS Probability
1.41%

69.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CloudbeesJenkins<= 1.480.3.1
JenkinsJenkins1.400
JenkinsJenkins1.401
JenkinsJenkins1.402
JenkinsJenkins1.403
JenkinsJenkins1.404
JenkinsJenkins1.405
JenkinsJenkins1.406
JenkinsJenkins1.407
JenkinsJenkins1.408
JenkinsJenkins1.409
JenkinsJenkins1.410
JenkinsJenkins1.411
JenkinsJenkins1.412
JenkinsJenkins1.413
JenkinsJenkins1.414
JenkinsJenkins1.415
JenkinsJenkins1.416
JenkinsJenkins1.417
JenkinsJenkins1.418
JenkinsJenkins1.419
JenkinsJenkins1.420
JenkinsJenkins1.421
JenkinsJenkins1.422
JenkinsJenkins1.423
JenkinsJenkins1.424
JenkinsJenkins1.425
JenkinsJenkins1.426
JenkinsJenkins1.427
JenkinsJenkins1.428
JenkinsJenkins1.429
JenkinsJenkins1.430
JenkinsJenkins1.431
JenkinsJenkins1.432
JenkinsJenkins1.433
JenkinsJenkins1.434
JenkinsJenkins1.435
JenkinsJenkins1.436
JenkinsJenkins1.437
CloudbeesJenkins1.447.1.1
CloudbeesJenkins1.447.2.2
CloudbeesJenkins1.447.3.1
CloudbeesJenkins1.424.0.2
CloudbeesJenkins1.424.0.4
CloudbeesJenkins1.424.1.1
CloudbeesJenkins1.424.2.1
CloudbeesJenkins1.424.4.1
CloudbeesJenkins1.424.5.1
CloudbeesJenkins1.424.6.1
CloudbeesJenkins1.424.6.11

Showing 50 of 68 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-6074?
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
How severe is CVE-2012-6074?
Severity scoring for CVE-2012-6074 is pending analysis. The EPSS model estimates a 1.41% probability of exploitation in the next 30 days.
How do I fix CVE-2012-6074?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-6074?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST