CVE-2012-6072
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.3
Description
Jenkins allows HTTP Injection and Response Splitting
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | >=1.481,<1.491 | 1.491 |
| Maven | org.jenkins-ci.main:jenkins-core | <1.480.1 | 1.480.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudbees | jenkins | 1.447.1.1 | |
| cloudbees | jenkins | 1.447.2.2 | |
| cloudbees | jenkins | 1.447.3.1 | |
| cloudbees | jenkins | 1.400 | |
| cloudbees | jenkins | 1.424 | |
| cloudbees | jenkins | 1.447 | |
| jenkins | jenkins | {"endIncluding":"1.466.2"} | |
| jenkins | jenkins | 1.409.1 | |
| jenkins | jenkins | 1.409.2 | |
| jenkins | jenkins | 1.409.3 | |
| jenkins | jenkins | 1.424.1 | |
| jenkins | jenkins | 1.424.2 | |
| jenkins | jenkins | 1.424.3 | |
| jenkins | jenkins | 1.424.4 | |
| jenkins | jenkins | 1.424.5 | |
| jenkins | jenkins | 1.424.6 | |
| jenkins | jenkins | 1.447.1 | |
| jenkins | jenkins | 1.447.2 | |
| jenkins | jenkins | 1.466.1 | |
| cloudbees | jenkins | 1.466.1.2 | |
| cloudbees | jenkins | 1.466.2.1 | |
| cloudbees | jenkins | {"endIncluding":"1.480.3.1"} | |
| jenkins | jenkins | 1.400 | |
| jenkins | jenkins | 1.401 | |
| jenkins | jenkins | 1.402 | |
| jenkins | jenkins | 1.403 | |
| jenkins | jenkins | 1.404 | |
| jenkins | jenkins | 1.405 | |
| jenkins | jenkins | 1.406 | |
| jenkins | jenkins | 1.407 | |
| jenkins | jenkins | 1.408 | |
| jenkins | jenkins | 1.409 | |
| jenkins | jenkins | 1.410 | |
| jenkins | jenkins | 1.411 | |
| jenkins | jenkins | 1.412 | |
| jenkins | jenkins | 1.413 | |
| jenkins | jenkins | 1.414 | |
| jenkins | jenkins | 1.415 | |
| jenkins | jenkins | 1.416 | |
| jenkins | jenkins | 1.417 | |
| jenkins | jenkins | 1.418 | |
| jenkins | jenkins | 1.419 | |
| jenkins | jenkins | 1.420 | |
| jenkins | jenkins | 1.421 | |
| jenkins | jenkins | 1.422 | |
| jenkins | jenkins | 1.423 | |
| jenkins | jenkins | 1.424 | |
| jenkins | jenkins | 1.425 | |
| jenkins | jenkins | 1.426 | |
| jenkins | jenkins | 1.427 | |
| jenkins | jenkins | 1.428 | |
| jenkins | jenkins | 1.429 | |
| jenkins | jenkins | 1.430 | |
| jenkins | jenkins | 1.431 | |
| jenkins | jenkins | 1.432 | |
| jenkins | jenkins | 1.433 | |
| jenkins | jenkins | 1.434 | |
| jenkins | jenkins | 1.435 | |
| jenkins | jenkins | 1.436 | |
| jenkins | jenkins | 1.437 | |
| cloudbees | jenkins | 1.424.0.2 | |
| cloudbees | jenkins | 1.424.0.4 | |
| cloudbees | jenkins | 1.424.1.1 | |
| cloudbees | jenkins | 1.424.2.1 | |
| cloudbees | jenkins | 1.424.4.1 | |
| cloudbees | jenkins | 1.424.5.1 | |
| cloudbees | jenkins | 1.424.6.1 | |
| cloudbees | jenkins | 1.424.6.11 | |
References
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
- https://bugzilla.redhat.com/show_bug.cgi?id=890607
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- https://nvd.nist.gov/vuln/detail/CVE-2012-6072
- https://github.com/jenkinsci/jenkins
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.