CVE-2013-0331

Published: Mar 19, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.

Affected (2)

Products: Jenkins: Jenkins

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.480.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.501

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://rhn.redhat.com/errata/RHSA-2013-0638.html

Source: secalert@redhat.com

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/02/21/7

Source: secalert@redhat.com

http://www.securityfocus.com/bid/57994

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=914879

Source: secalert@redhat.com

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0638.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/02/21/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/57994

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=914879

Source: af854a3a-2127-422b-91ae-364da2661108

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.