fkie_cve-2013-6372
Vulnerability from fkie_nvd
Published
2014-05-08 14:29
Modified
2025-04-12 10:46
Severity ?
Summary
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0C3967-1BE4-4EC0-802A-B98BAB066CAF",
"versionEndIncluding": "1.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC1BA0A-4F44-41CB-BE3D-86585343A996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42130246-75B1-47A2-B712-1896519E0615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB4F6BB-5C75-43FB-AAD6-948A499BE9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93379312-B9F0-4CD6-8E75-6D21EDBA1494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17A34AB1-C2CC-46B4-BD0A-847341D38412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C80B65A-FA53-4ACA-A1F6-61FAABA803F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A28330AB-CC93-460D-B984-1D0F77BB2545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C68E121B-9509-46D8-A6B1-B38AA5BADA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BDADED-2AE4-4833-8B72-033C2C09783E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7FF31F-0A0F-4925-9633-90E3E96EEC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC0D710-CDBF-45C3-AE8D-48E360A3B03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B62C0E6E-F258-4E78-A37B-0AF45B73D239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D6792C3D-80B6-40D4-B004-BF79A306BFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "636C17AE-0147-4E82-843C-2974A0EF39C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FC4FDC-92DE-45C9-8027-B6C69A02DEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E470E8EB-A2D7-4986-8F68-D35FD4545BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C7AD55CE-BE53-40B8-B3D9-31767D4B336E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E91FAD18-0CA2-4B57-A879-870BBFD07A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "07CB2DDF-2FD1-4715-8AEB-4E909012E193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "118D6413-7BDE-496A-8161-79C5A65288E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6F19E-0825-43B4-B890-550EED3FB115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B73C5933-58A7-4671-B134-DCFAFBA77AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "12EC1524-3A67-4154-AAB6-49EC725F132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "33D3CC94-8466-497F-AEC2-039D4381D1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "A56D5604-CBC6-4861-9254-25FC48947EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "9F200895-2A69-44E4-9B74-63E1412FDD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2EE14E-147B-4FB2-904B-D0A68DE6F977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "83B2328A-AB2D-488C-957E-49E44C844F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A550AEFB-C037-4E81-B2B4-1439D25A3C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C503ABFA-363E-4A9A-B972-5FB343A99BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5409FB8-67F2-4D4E-AEA3-C73063076F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CB9F89E5-5979-4E33-BD77-96E86CA7FE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "76273F68-0A17-408E-92AF-E7314697A6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EE5D6-2941-46CA-880B-AD0BA83F7D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7E6CDD-4D4F-465B-867A-D8B39D2785FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "200DD105-C201-4FCA-BA53-4206A1A4832D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "49FE2921-48B3-4542-8103-9C33FADFEB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "E4921E1A-FC86-47EC-BDDC-60E502C03B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "A3739D57-F82D-4A91-8FE6-266ADBF1DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.39:*:*:*:*:*:*:*",
"matchCriteriaId": "796A7271-9C54-4E42-B447-29E4E16D21C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D5A37E-CD16-4247-9312-54B6431869CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8D20BE-9728-4683-A139-B731BEB58CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "06787176-AF45-41D8-B6A6-B38DCCAD223C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.43:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5C620E-D15E-4E90-B8D5-C88105676DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.44:*:*:*:*:*:*:*",
"matchCriteriaId": "D66176AA-0758-425E-AE20-BCBB6EDD5E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "900F382D-20B0-4346-90AE-CFA44CBC9571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "63FEEF4B-BE5E-4C82-998A-D3CC50B903A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.47:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DAA19C-49C9-45F8-8341-90FA703B154F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "74879497-35C7-49C1-A6ED-8A9B759A2FC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.49:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDC2FC4-A7E0-4843-A5E2-E266E66A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8C4807-C0A5-437E-A0E2-10A6768918E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.51:*:*:*:*:*:*:*",
"matchCriteriaId": "074EB173-1F65-4203-90AA-0164C2C32E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.52:*:*:*:*:*:*:*",
"matchCriteriaId": "60F81CAB-203F-4625-833A-46302CBCE2F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file."
},
{
"lang": "es",
"value": "El plugin Subversion anterior a 1.54 para Jenkins almacena credenciales utilizando codificaci\u00f3n base64, lo que permite a usuarios locales obtener contrase\u00f1as y claves privadas SSH mediante la lectura de un archivo subversion.credentials."
}
],
"id": "CVE-2013-6372",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-08T14:29:11.940",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…