CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2012-0324

Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
Publish Date : 2012-03-09 Last Update Date : 2012-03-12
Collapse All   Expand All   Select   Select&Copy  
Related Tweets   Even more tweets   Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

Cvss Score
4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79

- Products Affected By CVE-2012-0324

# Product Type Vendor Product Version Update Edition Language
1 Application Cloudbees Jenkins 1.301 Details Vulnerabilities
2 Application Cloudbees Jenkins 1.302 Details Vulnerabilities
3 Application Cloudbees Jenkins 1.303 Details Vulnerabilities
4 Application Cloudbees Jenkins 1.304 Details Vulnerabilities
5 Application Cloudbees Jenkins 1.305 Details Vulnerabilities
6 Application Cloudbees Jenkins 1.306 Details Vulnerabilities
7 Application Cloudbees Jenkins 1.307 Details Vulnerabilities
8 Application Cloudbees Jenkins 1.308 Details Vulnerabilities
9 Application Cloudbees Jenkins 1.309 Details Vulnerabilities
10 Application Cloudbees Jenkins 1.310 Details Vulnerabilities
11 Application Cloudbees Jenkins 1.311 Details Vulnerabilities
12 Application Cloudbees Jenkins 1.312 Details Vulnerabilities
13 Application Cloudbees Jenkins 1.313 Details Vulnerabilities
14 Application Cloudbees Jenkins 1.314 Details Vulnerabilities
15 Application Cloudbees Jenkins 1.315 Details Vulnerabilities
16 Application Cloudbees Jenkins 1.316 Details Vulnerabilities
17 Application Cloudbees Jenkins 1.317 Details Vulnerabilities
18 Application Cloudbees Jenkins 1.318 Details Vulnerabilities
19 Application Cloudbees Jenkins 1.319 Details Vulnerabilities
20 Application Cloudbees Jenkins 1.320 Details Vulnerabilities
21 Application Cloudbees Jenkins 1.321 Details Vulnerabilities
22 Application Cloudbees Jenkins 1.322 Details Vulnerabilities
23 Application Cloudbees Jenkins 1.323 Details Vulnerabilities
24 Application Cloudbees Jenkins 1.324 Details Vulnerabilities
25 Application Cloudbees Jenkins 1.325 Details Vulnerabilities
26 Application Cloudbees Jenkins 1.326 Details Vulnerabilities
27 Application Cloudbees Jenkins 1.327 Details Vulnerabilities
28 Application Cloudbees Jenkins 1.328 Details Vulnerabilities
29 Application Cloudbees Jenkins 1.329 Details Vulnerabilities
30 Application Cloudbees Jenkins 1.330 Details Vulnerabilities
31 Application Cloudbees Jenkins 1.331 Details Vulnerabilities
32 Application Cloudbees Jenkins 1.332 Details Vulnerabilities
33 Application Cloudbees Jenkins 1.333 Details Vulnerabilities
34 Application Cloudbees Jenkins 1.334 Details Vulnerabilities
35 Application Cloudbees Jenkins 1.335 Details Vulnerabilities
36 Application Cloudbees Jenkins 1.336 Details Vulnerabilities
37 Application Cloudbees Jenkins 1.337 Details Vulnerabilities
38 Application Cloudbees Jenkins 1.338 Details Vulnerabilities
39 Application Cloudbees Jenkins 1.339 Details Vulnerabilities
40 Application Cloudbees Jenkins 1.340 Details Vulnerabilities
41 Application Cloudbees Jenkins 1.341 Details Vulnerabilities
42 Application Cloudbees Jenkins 1.342 Details Vulnerabilities
43 Application Cloudbees Jenkins 1.343 Details Vulnerabilities
44 Application Cloudbees Jenkins 1.344 Details Vulnerabilities
45 Application Cloudbees Jenkins 1.345 Details Vulnerabilities
46 Application Cloudbees Jenkins 1.346 Details Vulnerabilities
47 Application Cloudbees Jenkins 1.347 Details Vulnerabilities
48 Application Cloudbees Jenkins 1.348 Details Vulnerabilities
49 Application Cloudbees Jenkins 1.349 Details Vulnerabilities
50 Application Cloudbees Jenkins 1.350 Details Vulnerabilities
51 Application Cloudbees Jenkins 1.351 Details Vulnerabilities
52 Application Cloudbees Jenkins 1.352 Details Vulnerabilities
53 Application Cloudbees Jenkins 1.353 Details Vulnerabilities
54 Application Cloudbees Jenkins 1.354 Details Vulnerabilities
55 Application Cloudbees Jenkins 1.355 Details Vulnerabilities
56 Application Cloudbees Jenkins 1.356 Details Vulnerabilities
57 Application Cloudbees Jenkins 1.357 Details Vulnerabilities
58 Application Cloudbees Jenkins 1.358 Details Vulnerabilities
59 Application Cloudbees Jenkins 1.359 Details Vulnerabilities
60 Application Cloudbees Jenkins 1.360 Details Vulnerabilities
61 Application Cloudbees Jenkins 1.361 Details Vulnerabilities
62 Application Cloudbees Jenkins 1.362 Details Vulnerabilities
63 Application Cloudbees Jenkins 1.363 Details Vulnerabilities
64 Application Cloudbees Jenkins 1.364 Details Vulnerabilities
65 Application Cloudbees Jenkins 1.365 Details Vulnerabilities
66 Application Cloudbees Jenkins 1.366 Details Vulnerabilities
67 Application Cloudbees Jenkins 1.367 Details Vulnerabilities
68 Application Cloudbees Jenkins 1.368 Details Vulnerabilities
69 Application Cloudbees Jenkins 1.369 Details Vulnerabilities
70 Application Cloudbees Jenkins 1.370 Details Vulnerabilities
71 Application Cloudbees Jenkins 1.371 Details Vulnerabilities
72 Application Cloudbees Jenkins 1.372 Details Vulnerabilities
73 Application Cloudbees Jenkins 1.373 Details Vulnerabilities
74 Application Cloudbees Jenkins 1.374 Details Vulnerabilities
75 Application Cloudbees Jenkins 1.375 Details Vulnerabilities
76 Application Cloudbees Jenkins 1.376 Details Vulnerabilities
77 Application Cloudbees Jenkins 1.377 Details Vulnerabilities
78 Application Cloudbees Jenkins 1.378 Details Vulnerabilities
79 Application Cloudbees Jenkins 1.379 Details Vulnerabilities
80 Application Cloudbees Jenkins 1.380 Details Vulnerabilities
81 Application Cloudbees Jenkins 1.382 Details Vulnerabilities
82 Application Cloudbees Jenkins 1.383 Details Vulnerabilities
83 Application Cloudbees Jenkins 1.384 Details Vulnerabilities
84 Application Cloudbees Jenkins 1.386 Details Vulnerabilities
85 Application Cloudbees Jenkins 1.387 Details Vulnerabilities
86 Application Cloudbees Jenkins 1.388 Details Vulnerabilities
87 Application Cloudbees Jenkins 1.389 Details Vulnerabilities
88 Application Cloudbees Jenkins 1.390 Details Vulnerabilities
89 Application Cloudbees Jenkins 1.391 Details Vulnerabilities
90 Application Cloudbees Jenkins 1.392 Details Vulnerabilities
91 Application Cloudbees Jenkins 1.393 Details Vulnerabilities
92 Application Cloudbees Jenkins 1.394 Details Vulnerabilities
93 Application Cloudbees Jenkins 1.395 Details Vulnerabilities
94 Application Cloudbees Jenkins 1.396 Details Vulnerabilities
95 Application Cloudbees Jenkins 1.397 Details Vulnerabilities
96 Application Cloudbees Jenkins 1.398 Details Vulnerabilities
97 Application Cloudbees Jenkins 1.399 Details Vulnerabilities
98 Application Cloudbees Jenkins 1.400 LTS Details Vulnerabilities
99 Application Cloudbees Jenkins 1.400 Details Vulnerabilities
100 Application Cloudbees Jenkins 1.400 Enterprise Details Vulnerabilities
101 Application Cloudbees Jenkins 1.400.0.12 LTS Details Vulnerabilities
102 Application Cloudbees Jenkins 1.400.0.12 Enterprise Details Vulnerabilities
103 Application Cloudbees Jenkins 1.401 Details Vulnerabilities
104 Application Cloudbees Jenkins 1.402 Details Vulnerabilities
105 Application Cloudbees Jenkins 1.403 Details Vulnerabilities
106 Application Cloudbees Jenkins 1.404 Details Vulnerabilities
107 Application Cloudbees Jenkins 1.405 Details Vulnerabilities
108 Application Cloudbees Jenkins 1.406 Details Vulnerabilities
109 Application Cloudbees Jenkins 1.407 Details Vulnerabilities
110 Application Cloudbees Jenkins 1.408 Details Vulnerabilities
111 Application Cloudbees Jenkins 1.409 Details Vulnerabilities
112 Application Cloudbees Jenkins 1.409.1 LTS Details Vulnerabilities
113 Application Cloudbees Jenkins 1.409.2 LTS Details Vulnerabilities
114 Application Cloudbees Jenkins 1.410 Details Vulnerabilities
115 Application Cloudbees Jenkins 1.411 Details Vulnerabilities
116 Application Cloudbees Jenkins 1.412 Details Vulnerabilities
117 Application Cloudbees Jenkins 1.413 Details Vulnerabilities
118 Application Cloudbees Jenkins 1.414 Details Vulnerabilities
119 Application Cloudbees Jenkins 1.415 Details Vulnerabilities
120 Application Cloudbees Jenkins 1.416 Details Vulnerabilities
121 Application Cloudbees Jenkins 1.417 Details Vulnerabilities
122 Application Cloudbees Jenkins 1.418 Details Vulnerabilities
123 Application Cloudbees Jenkins 1.419 Details Vulnerabilities
124 Application Cloudbees Jenkins 1.420 Details Vulnerabilities
125 Application Cloudbees Jenkins 1.421 Details Vulnerabilities
126 Application Cloudbees Jenkins 1.422 Details Vulnerabilities
127 Application Cloudbees Jenkins 1.423 Details Vulnerabilities
128 Application Cloudbees Jenkins 1.424 Details Vulnerabilities
129 Application Cloudbees Jenkins 1.424 Enterprise Details Vulnerabilities
130 Application Cloudbees Jenkins 1.424.5 Enterprise Details Vulnerabilities
131 Application Cloudbees Jenkins 1.425 Details Vulnerabilities
132 Application Cloudbees Jenkins 1.426 Details Vulnerabilities
133 Application Cloudbees Jenkins 1.427 Details Vulnerabilities
134 Application Cloudbees Jenkins 1.428 Details Vulnerabilities
135 Application Cloudbees Jenkins 1.429 Details Vulnerabilities
136 Application Cloudbees Jenkins 1.430 Details Vulnerabilities
137 Application Cloudbees Jenkins 1.431 Details Vulnerabilities
138 Application Cloudbees Jenkins 1.432 Details Vulnerabilities
139 Application Cloudbees Jenkins 1.433 Details Vulnerabilities
140 Application Cloudbees Jenkins 1.434 Details Vulnerabilities
141 Application Cloudbees Jenkins 1.435 Details Vulnerabilities
142 Application Cloudbees Jenkins 1.436 Details Vulnerabilities
143 Application Cloudbees Jenkins 1.437 Details Vulnerabilities
144 Application Cloudbees Jenkins 1.453 Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Cloudbees Jenkins 144

- References For CVE-2012-0324

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb CONFIRM
http://jvn.jp/en/jp/JVN14791558/index.html
JVN JVN#14791558
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022
JVNDB JVNDB-2012-000022

- Metasploit Modules Related To CVE-2012-0324

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.