{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-08T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.228Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6372", "datePublished": "2014-05-08T14:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.228Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0C3967-1BE4-4EC0-802A-B98BAB066CAF", "versionEndIncluding": "1.53", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC1BA0A-4F44-41CB-BE3D-86585343A996", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "42130246-75B1-47A2-B712-1896519E0615", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADB4F6BB-5C75-43FB-AAD6-948A499BE9D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "93379312-B9F0-4CD6-8E75-6D21EDBA1494", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "17A34AB1-C2CC-46B4-BD0A-847341D38412", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C80B65A-FA53-4ACA-A1F6-61FAABA803F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A28330AB-CC93-460D-B984-1D0F77BB2545", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C68E121B-9509-46D8-A6B1-B38AA5BADA58", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F2BDADED-2AE4-4833-8B72-033C2C09783E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2D7FF31F-0A0F-4925-9633-90E3E96EEC00", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6BC0D710-CDBF-45C3-AE8D-48E360A3B03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "B62C0E6E-F258-4E78-A37B-0AF45B73D239", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D6792C3D-80B6-40D4-B004-BF79A306BFBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "636C17AE-0147-4E82-843C-2974A0EF39C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C0FC4FDC-92DE-45C9-8027-B6C69A02DEB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "E470E8EB-A2D7-4986-8F68-D35FD4545BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "C7AD55CE-BE53-40B8-B3D9-31767D4B336E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "E91FAD18-0CA2-4B57-A879-870BBFD07A03", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "07CB2DDF-2FD1-4715-8AEB-4E909012E193", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "118D6413-7BDE-496A-8161-79C5A65288E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "03A6F19E-0825-43B4-B890-550EED3FB115", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "B73C5933-58A7-4671-B134-DCFAFBA77AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "12EC1524-3A67-4154-AAB6-49EC725F132F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.23:*:*:*:*:*:*:*", "matchCriteriaId": "33D3CC94-8466-497F-AEC2-039D4381D1B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "A56D5604-CBC6-4861-9254-25FC48947EAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "9F200895-2A69-44E4-9B74-63E1412FDD4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "8E2EE14E-147B-4FB2-904B-D0A68DE6F977", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.27:*:*:*:*:*:*:*", "matchCriteriaId": "83B2328A-AB2D-488C-957E-49E44C844F2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "A550AEFB-C037-4E81-B2B4-1439D25A3C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.29:*:*:*:*:*:*:*", "matchCriteriaId": "C503ABFA-363E-4A9A-B972-5FB343A99BD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5409FB8-67F2-4D4E-AEA3-C73063076F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "CB9F89E5-5979-4E33-BD77-96E86CA7FE6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "76273F68-0A17-408E-92AF-E7314697A6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.33:*:*:*:*:*:*:*", "matchCriteriaId": "AD2EE5D6-2941-46CA-880B-AD0BA83F7D74", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "3B7E6CDD-4D4F-465B-867A-D8B39D2785FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "200DD105-C201-4FCA-BA53-4206A1A4832D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.36:*:*:*:*:*:*:*", "matchCriteriaId": "49FE2921-48B3-4542-8103-9C33FADFEB22", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.37:*:*:*:*:*:*:*", "matchCriteriaId": "E4921E1A-FC86-47EC-BDDC-60E502C03B01", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "A3739D57-F82D-4A91-8FE6-266ADBF1DE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.39:*:*:*:*:*:*:*", "matchCriteriaId": "796A7271-9C54-4E42-B447-29E4E16D21C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "D3D5A37E-CD16-4247-9312-54B6431869CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "EB8D20BE-9728-4683-A139-B731BEB58CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "06787176-AF45-41D8-B6A6-B38DCCAD223C", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "8D5C620E-D15E-4E90-B8D5-C88105676DEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "D66176AA-0758-425E-AE20-BCBB6EDD5E27", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "900F382D-20B0-4346-90AE-CFA44CBC9571", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "63FEEF4B-BE5E-4C82-998A-D3CC50B903A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "C3DAA19C-49C9-45F8-8341-90FA703B154F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "74879497-35C7-49C1-A6ED-8A9B759A2FC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "CBDC2FC4-A7E0-4843-A5E2-E266E66A1F64", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "0E8C4807-C0A5-437E-A0E2-10A6768918E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "074EB173-1F65-4203-90AA-0164C2C32E56", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "60F81CAB-203F-4625-833A-46302CBCE2F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file."}, {"lang": "es", "value": "El plugin Subversion anterior a 1.54 para Jenkins almacena credenciales utilizando codificaci\u00f3n base64, lo que permite a usuarios locales obtener contrase\u00f1as y claves privadas SSH mediante la lectura de un archivo subversion.credentials."}], "id": "CVE-2013-6372", "lastModified": "2024-11-21T01:59:05.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-08T14:29:11.940", "references": [{"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2014:1630", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "jenkins-0:1.565.3-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.1", "release_date": "2014-10-14T00:00:00Z"}, {"advisory": "RHBA-2014:1630", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "jenkins-plugin-openshift-0:0.6.40.1-0.el6op", "product_name": "Red Hat OpenShift Enterprise 2.1", "release_date": "2014-10-14T00:00:00Z"}, {"advisory": "RHBA-2014:1630", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.1", "release_date": "2014-10-14T00:00:00Z"}], "bugzilla": {"description": "Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)", "id": "1032391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-522", "details": ["The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file."], "name": "CVE-2013-6372", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "jenkins", "product_name": "OpenShift Enterprise 1"}], "public_date": "2013-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6372\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6372"], "statement": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", "threat_severity": "Low"}