Description
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat OpenShift Enterprise 2.1 | |||
| jenkins-0:1.565.3-1.el6op | cpe:/a:redhat:openshift:2.0::el6 | RHBA-2014:1630 | 2014-10-14T00:00:00Z |
| jenkins-plugin-openshift-0:0.6.40.1-0.el6op | cpe:/a:redhat:openshift:2.0::el6 | RHBA-2014:1630 | 2014-10-14T00:00:00Z |
| openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op | cpe:/a:redhat:openshift:2.0::el6 | RHBA-2014:1630 | 2014-10-14T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2013-6197 | Jenkins Subversion Plugin Stores Credentials with Base64 Encoding |
 Github GHSA |
GHSA-c4fr-gx5w-8qf2 | Jenkins Subversion Plugin Stores Credentials with Base64 Encoding |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T17:39:01.228Z
Reserved: 2013-11-04T00:00:00.000Z
Link: CVE-2013-6372
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-05-08T14:29:11.940
Modified: 2026-05-06T22:30:45.220
Link: CVE-2013-6372
Redhat
OpenCVE Enrichment
No data.