Moderate severityNVD Advisory· Published Feb 24, 2013· Updated Apr 29, 2026

CVE-2012-6072

Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.main:jenkins-coreMaven	>= 1.481, < 1.491	1.491
org.jenkins-ci.main:jenkins-coreMaven	< 1.480.1	1.480.1

Affected products

Jenkins Project/Jenkins68 versions
cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*+ 67 more
- cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*range: <=1.480.3.1
- cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*
- cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <=1.466.2
- cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*
ghsa-coords
pkg:maven/org.jenkins-ci.main/jenkins-core
Range: >= 1.481, < 1.491

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cbnvdVendor AdvisoryWEB
github.com/advisories/GHSA-2q8v-qx2x-hxjxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-6072ghsaADVISORY
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20nvdVendor AdvisoryWEB
rhn.redhat.com/errata/RHSA-2013-0220.htmlnvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000