{ "threat_severity" : "Moderate", "public_date" : "2012-11-20T00:00:00Z", "bugzilla" : { "description" : "Jenkins: open redirect", "id" : "890608", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=890608" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status" : "verified" }, "details" : [ "Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." ], "affected_release" : [ { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "jenkins-0:1.498-1.1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "mongodb-0:2.0.2-6.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-console-0:0.0.13-2.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-broker-0:1.0.10-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-broker-util-0:1.0.14-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-haproxy-1.4-0:1.0.3-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-ruby-1.8-0:1.0.5-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-ruby-1.9-scl-0:1.0.5-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-msg-node-mcollective-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-node-util-0:1.0.7-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-port-proxy-0:1.0.3-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rhc-0:1.3.2-1.3.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "ruby193-rubygem-activerecord-1:3.2.8-2.el6" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "ruby193-rubygem-passenger-0:3.0.12-21.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-activerecord-1:3.0.13-3.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-auth-remote-user-0:1.0.4-2.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-common-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-console-0:1.0.6-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-controller-0:1.0.11-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-dns-bind-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-msg-broker-mcollective-0:1.0.4-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-node-0:1.0.10-6.el6op" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-6073\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6073" ], "name" : "CVE-2012-6073", "csaw" : false }