{ "threat_severity" : "Low", "public_date" : "2013-11-21T00:00:00Z", "bugzilla" : { "description" : "Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)", "id" : "1032391", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1032391" }, "cvss" : { "cvss_base_score" : "2.1", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-522", "details" : [ "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file." ], "statement" : "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", "affected_release" : [ { "product_name" : "Red Hat OpenShift Enterprise 2.1", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHBA-2014:1630", "cpe" : "cpe:/a:redhat:openshift:2.0::el6", "package" : "jenkins-0:1.565.3-1.el6op" }, { "product_name" : "Red Hat OpenShift Enterprise 2.1", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHBA-2014:1630", "cpe" : "cpe:/a:redhat:openshift:2.0::el6", "package" : "jenkins-plugin-openshift-0:0.6.40.1-0.el6op" }, { "product_name" : "Red Hat OpenShift Enterprise 2.1", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHBA-2014:1630", "cpe" : "cpe:/a:redhat:openshift:2.0::el6", "package" : "openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op" } ], "package_state" : [ { "product_name" : "OpenShift Enterprise 1", "fix_state" : "Will not fix", "package_name" : "jenkins", "cpe" : "cpe:/a:redhat:openshift:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-6372\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6372" ], "name" : "CVE-2013-6372", "csaw" : false }