CVE-2013-6372

Published May 8, 2014
Last updated 3 months ago
CVSS info 2.1
Overview

Description: The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-255
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A0C3967-1BE4-4EC0-802A-B98BAB066CAF",
            "versionEndIncluding": "1.53"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFC1BA0A-4F44-41CB-BE3D-86585343A996"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42130246-75B1-47A2-B712-1896519E0615"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADB4F6BB-5C75-43FB-AAD6-948A499BE9D5"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93379312-B9F0-4CD6-8E75-6D21EDBA1494"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A34AB1-C2CC-46B4-BD0A-847341D38412"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C80B65A-FA53-4ACA-A1F6-61FAABA803F0"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28330AB-CC93-460D-B984-1D0F77BB2545"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C68E121B-9509-46D8-A6B1-B38AA5BADA58"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2BDADED-2AE4-4833-8B72-033C2C09783E"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D7FF31F-0A0F-4925-9633-90E3E96EEC00"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BC0D710-CDBF-45C3-AE8D-48E360A3B03E"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B62C0E6E-F258-4E78-A37B-0AF45B73D239"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6792C3D-80B6-40D4-B004-BF79A306BFBC"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "636C17AE-0147-4E82-843C-2974A0EF39C4"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0FC4FDC-92DE-45C9-8027-B6C69A02DEB9"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E470E8EB-A2D7-4986-8F68-D35FD4545BAC"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7AD55CE-BE53-40B8-B3D9-31767D4B336E"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E91FAD18-0CA2-4B57-A879-870BBFD07A03"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07CB2DDF-2FD1-4715-8AEB-4E909012E193"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "118D6413-7BDE-496A-8161-79C5A65288E8"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03A6F19E-0825-43B4-B890-550EED3FB115"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B73C5933-58A7-4671-B134-DCFAFBA77AEC"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12EC1524-3A67-4154-AAB6-49EC725F132F"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33D3CC94-8466-497F-AEC2-039D4381D1B0"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A56D5604-CBC6-4861-9254-25FC48947EAD"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F200895-2A69-44E4-9B74-63E1412FDD4D"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E2EE14E-147B-4FB2-904B-D0A68DE6F977"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83B2328A-AB2D-488C-957E-49E44C844F2D"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A550AEFB-C037-4E81-B2B4-1439D25A3C35"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C503ABFA-363E-4A9A-B972-5FB343A99BD6"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5409FB8-67F2-4D4E-AEA3-C73063076F20"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB9F89E5-5979-4E33-BD77-96E86CA7FE6B"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76273F68-0A17-408E-92AF-E7314697A6C3"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD2EE5D6-2941-46CA-880B-AD0BA83F7D74"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B7E6CDD-4D4F-465B-867A-D8B39D2785FB"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "200DD105-C201-4FCA-BA53-4206A1A4832D"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49FE2921-48B3-4542-8103-9C33FADFEB22"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4921E1A-FC86-47EC-BDDC-60E502C03B01"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3739D57-F82D-4A91-8FE6-266ADBF1DE97"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "796A7271-9C54-4E42-B447-29E4E16D21C2"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3D5A37E-CD16-4247-9312-54B6431869CA"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB8D20BE-9728-4683-A139-B731BEB58CAB"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06787176-AF45-41D8-B6A6-B38DCCAD223C"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D5C620E-D15E-4E90-B8D5-C88105676DEA"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.44:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D66176AA-0758-425E-AE20-BCBB6EDD5E27"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "900F382D-20B0-4346-90AE-CFA44CBC9571"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.46:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63FEEF4B-BE5E-4C82-998A-D3CC50B903A7"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.47:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3DAA19C-49C9-45F8-8341-90FA703B154F"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.48:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74879497-35C7-49C1-A6ED-8A9B759A2FC8"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBDC2FC4-A7E0-4843-A5E2-E266E66A1F64"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E8C4807-C0A5-437E-A0E2-10A6768918E7"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "074EB173-1F65-4203-90AA-0164C2C32E56"
          },
          {
            "criteria": "cpe:2.3:a:jenkins-ci:subversion-plugin:1.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60F81CAB-203F-4625-833A-46302CBCE2F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
