CVE-2012-6072

Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

Exploitation Probability

0.113

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Jenkins 1.480.3.1	Windows
Vulnerabilities CVE-2012-6073,CVE-2012-6074,CVE-2012-6072 are fixed in Jenkins-Core 1.480.1	Windows
Vulnerabilities CVE-2012-6073,CVE-2012-6074,CVE-2012-6072 are fixed in Jenkins-Core 1.491	Windows
Multiple vulnerabilities affected in Jenkins 1.480.3.1 (For Ubuntu)	Linux
Multiple vulnerabilities affected in Jenkins 1.480.3.1 (For Debian)	Linux
Multiple vulnerabilities affected in Jenkins 1.480.3.1 (For Centos)	Linux
Multiple vulnerabilities affected in Jenkins 1.480.3.1 (For RedHat)	Linux
Multiple vulnerabilities affected in Jenkins 1.480.3.1 (For Suse)	Linux
Vulnerabilities CVE-2012-6073,CVE-2012-6074,CVE-2012-6072 are fixed in Jenkins-Core for Linux 1.480.1	Linux
Vulnerabilities CVE-2012-6073,CVE-2012-6074,CVE-2012-6072 are fixed in Jenkins-Core for Linux 1.491	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234