CVE-2013-6372
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
08/05/2014
Last modified:
12/04/2025
Description
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:* | 1.53 (including) | |
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.redhat.com/show_bug.cgi?id=1032391
- https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
- https://bugzilla.redhat.com/show_bug.cgi?id=1032391
- https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20