Candidate: CVE-2013-6372
PublicDate: 2014-05-08 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6372
 https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
 https://bugzilla.redhat.com/show_bug.cgi?id=1032391
Description:
 The Subversion plugin before 1.54 for Jenkins stores credentials using
 base64 encoding, which allows local users to obtain passwords and SSH
 private keys by reading a subversion.credentials file.
Ubuntu-Description:
Notes:
 seth-arnold> We don't ship this module; I further suspect the fix is just
  further obfuscation, as I didn't see any user-supplied keys or passphrases
  to decode the stored data.
Bugs:
Priority: low
Discovered-by: Lennart Starr
Assigned-to:
CVSS:

Patches_jenkins:
 upstream: https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
upstream_jenkins: released (1.54)
lucid_jenkins: DNE
precise_jenkins: not-affected
quantal_jenkins: not-affected
saucy_jenkins: not-affected
trusty_jenkins: DNE
trusty/esm_jenkins: DNE
devel_jenkins: DNE