Vulnerability Details : CVE-2013-0158
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
Products affected by CVE-2013-0158
- cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*
Threat overview for CVE-2013-0158
Top countries where our scanners detected CVE-2013-0158
Top open port discovered on systems with this issue
8080
IPs affected by CVE-2013-0158 4
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-0158!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-0158
0.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
References for CVE-2013-0158
-
https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602
[SECURITY-49] actively invalidate bad API tokens. · jenkinsci/jenkins@94a8789 · GitHub
-
https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2
[SECURITY-49] Backing off from @Extension-based discovery. · jenkinsci/jenkins@c3d8e05 · GitHub
-
https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd
[SECURITY-49] Deprecating Jenkins.getSecretKey() · jenkinsci/jenkins@a9aff08 · GitHub
-
http://www.openwall.com/lists/oss-security/2013/01/07/4
oss-security - Re: CVE Request: Jenkins possible remote code execution
-
http://rhn.redhat.com/errata/RHSA-2013-0220.html
RHSA-2013:0220 - Security Advisory - Red Hat Customer Portal
-
https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5
[SECURITY-49] added a tool to re-key secrets · jenkinsci/jenkins@4895eaa · GitHub
-
https://bugzilla.redhat.com/show_bug.cgi?id=892795
892795 – (CVE-2013-0158) CVE-2013-0158 jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb
Jenkins Security Advisory 2013-01-04 | CloudBeesVendor Advisory
-
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
Jenkins Security Advisory 2013-01-04 - Security Advisories - Jenkins WikiVendor Advisory
-
https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04
[SECURITY-49] mark secret.key generated by post SECURITY-49 Jenkins. · jenkinsci/jenkins@3dc13b9 · GitHub
Jump to