VYPR
← All advisories
Low severityNVD Advisory· Published Feb 24, 2013· Updated Apr 29, 2026

CVE-2012-6074

CVE-2012-6074

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
>= 1.481, < 1.4911.491
org.jenkins-ci.main:jenkins-coreMaven
< 1.480.11.480.1

Affected products

69
  • Jenkins Project/Jenkins68 versions
    cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*+ 67 more
    • cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*range: <=1.480.3.1
    • cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <=1.466.2
    • cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*
  • ghsa-coords
    pkg:maven/org.jenkins-ci.main/jenkins-core
    Range: >= 1.481, < 1.491

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.