{ "threat_severity" : "Important", "public_date" : "2013-01-04T00:00:00Z", "bugzilla" : { "description" : "jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)", "id" : "892795", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=892795" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors." ], "affected_release" : [ { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "jenkins-0:1.498-1.1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "mongodb-0:2.0.2-6.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-console-0:0.0.13-2.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-broker-0:1.0.10-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-broker-util-0:1.0.14-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-haproxy-1.4-0:1.0.3-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-ruby-1.8-0:1.0.5-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-cartridge-ruby-1.9-scl-0:1.0.5-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-msg-node-mcollective-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-node-util-0:1.0.7-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "openshift-origin-port-proxy-0:1.0.3-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rhc-0:1.3.2-1.3.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "ruby193-rubygem-activerecord-1:3.2.8-2.el6" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "ruby193-rubygem-passenger-0:3.0.12-21.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-activerecord-1:3.0.13-3.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-auth-remote-user-0:1.0.4-2.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-common-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-console-0:1.0.6-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-controller-0:1.0.11-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-dns-bind-0:1.0.2-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-msg-broker-mcollective-0:1.0.4-1.el6op" }, { "product_name" : "RHEL 6 Version of OpenShift Enterprise", "release_date" : "2013-01-31T00:00:00Z", "advisory" : "RHSA-2013:0220", "cpe" : "cpe:/a:redhat:openshift:1::el6", "package" : "rubygem-openshift-origin-node-0:1.0.10-6.el6op" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0158\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0158" ], "name" : "CVE-2013-0158", "csaw" : false }