← Back

CVE-2012-0324

nvd nist
Published: Mar 9, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.

Affected (144)

Cloudbees
1 product
Jenkins
Jenkins
1 product
Jenkins
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Cloudbees
Jenkins
Version 1.400.0.12
Jenkins
Version 1.400
Jenkins
Version 1.424.5
Jenkins
Version 1.424
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cloudbees
Jenkins
Version 1.400.0.12
Jenkins
Version 1.400
Configuration C
138 vulnerable
Vulnerable SoftwareAffected Versions
Jenkins
Up to 1.453
Jenkins
Jenkins
Version 1.301
Jenkins
Version 1.302
Jenkins
Version 1.303
Jenkins
Version 1.304
Jenkins
Version 1.305
Jenkins
Version 1.306
Jenkins
Version 1.307
Jenkins
Version 1.308
Jenkins
Version 1.309
Jenkins
Version 1.310
Jenkins
Version 1.311
Jenkins
Version 1.312
Jenkins
Version 1.313
Jenkins
Version 1.314
Jenkins
Version 1.315
Jenkins
Version 1.316
Jenkins
Version 1.317
Jenkins
Version 1.318
Jenkins
Version 1.319
Jenkins
Version 1.320
Jenkins
Version 1.321
Jenkins
Version 1.322
Jenkins
Version 1.323
Jenkins
Version 1.324
Jenkins
Version 1.325
Jenkins
Version 1.326
Jenkins
Version 1.327
Jenkins
Version 1.328
Jenkins
Version 1.329
Jenkins
Version 1.330
Jenkins
Version 1.331
Jenkins
Version 1.332
Jenkins
Version 1.333
Jenkins
Version 1.334
Jenkins
Version 1.335
Jenkins
Version 1.336
Jenkins
Version 1.337
Jenkins
Version 1.338
Jenkins
Version 1.339
Jenkins
Version 1.340
Jenkins
Version 1.341
Jenkins
Version 1.342
Jenkins
Version 1.343
Jenkins
Version 1.344
Jenkins
Version 1.345
Jenkins
Version 1.346
Jenkins
Version 1.347
Jenkins
Version 1.348
Jenkins
Version 1.349
Jenkins
Version 1.350
Jenkins
Version 1.351
Jenkins
Version 1.352
Jenkins
Version 1.353
Jenkins
Version 1.354
Jenkins
Version 1.355
Jenkins
Version 1.356
Jenkins
Version 1.357
Jenkins
Version 1.358
Jenkins
Version 1.359
Jenkins
Version 1.360
Jenkins
Version 1.361
Jenkins
Version 1.362
Jenkins
Version 1.363
Jenkins
Version 1.364
Jenkins
Version 1.365
Jenkins
Version 1.366
Jenkins
Version 1.367
Jenkins
Version 1.368
Jenkins
Version 1.369
Jenkins
Version 1.370
Jenkins
Version 1.371
Jenkins
Version 1.372
Jenkins
Version 1.373
Jenkins
Version 1.374
Jenkins
Version 1.375
Jenkins
Version 1.376
Jenkins
Version 1.377
Jenkins
Version 1.378
Jenkins
Version 1.379
Jenkins
Version 1.380
Jenkins
Version 1.382
Jenkins
Version 1.383
Jenkins
Version 1.384
Jenkins
Version 1.386
Jenkins
Version 1.387
Jenkins
Version 1.388
Jenkins
Version 1.389
Jenkins
Version 1.390
Jenkins
Version 1.391
Jenkins
Version 1.392
Jenkins
Version 1.393
Jenkins
Version 1.394
Jenkins
Version 1.395
Jenkins
Version 1.396
Jenkins
Version 1.397
Jenkins
Version 1.398
Jenkins
Version 1.399
Jenkins
Version 1.400
Jenkins
Version 1.401
Jenkins
Version 1.402
Jenkins
Version 1.403
Jenkins
Version 1.404
Jenkins
Version 1.405
Jenkins
Version 1.406
Jenkins
Version 1.407
Jenkins
Version 1.408
Jenkins
Version 1.409.1
Jenkins
Version 1.409.2
Jenkins
Version 1.409
Jenkins
Version 1.410
Jenkins
Version 1.411
Jenkins
Version 1.412
Jenkins
Version 1.413
Jenkins
Version 1.414
Jenkins
Version 1.415
Jenkins
Version 1.416
Jenkins
Version 1.417
Jenkins
Version 1.418
Jenkins
Version 1.419
Jenkins
Version 1.420
Jenkins
Version 1.421
Jenkins
Version 1.422
Jenkins
Version 1.423
Jenkins
Version 1.424
Jenkins
Version 1.425
Jenkins
Version 1.426
Jenkins
Version 1.427
Jenkins
Version 1.428
Jenkins
Version 1.429
Jenkins
Version 1.430
Jenkins
Version 1.431
Jenkins
Version 1.432
Jenkins
Version 1.433
Jenkins
Version 1.434
Jenkins
Version 1.435
Jenkins
Version 1.436
Jenkins
Version 1.437

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.