CVE-2012-6074

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Published: 2013-02-24 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-6074 is rated Low Risk (39.5/100): CVSS Low severity, with medium exploitation likelihood (EPSS 1.41%). EPSS rose +1.31% over the last day, indicating growing attacker interest. Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-6074

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.10% 1.41% +1.31%
2 2026-05-22 0.16% 0.10% -0.05%
3 2025-03-30 0.16%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-6074

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
3.5 2.0 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 6.8 2.9 [email protected]

Weakness enumeration for CVE-2012-6074

GitHub Security Advisory for CVE-2012-6074

GHSA-9hr6-5x6g-gg5g · Severity: low · Ecosystem: maven — Jenkins allows Cross-Site Scripting (XSS)

OS Trackers for CVE-2012-6074

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2012-6074
ubuntu medium CVE-2012-6074 medium priority: Ubuntu including 1 source packages (jenkins), 15 status rows across 15 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 9, ignored 5, released 1. https://ubuntu.com/security/CVE-2012-6074

Affected software / configurations for CVE-2012-6074

Vendor Product Version Raw CPE
cloudbees jenkins <= 1.480.3.1 cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*
jenkins jenkins 1.400 cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
jenkins jenkins 1.401 cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
jenkins jenkins 1.402 cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
jenkins jenkins 1.403 cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
jenkins jenkins 1.404 cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
jenkins jenkins 1.405 cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
jenkins jenkins 1.406 cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
jenkins jenkins 1.407 cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
jenkins jenkins 1.408 cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
jenkins jenkins 1.409 cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
jenkins jenkins 1.410 cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
jenkins jenkins 1.411 cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
jenkins jenkins 1.412 cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
jenkins jenkins 1.413 cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
jenkins jenkins 1.414 cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
jenkins jenkins 1.415 cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
jenkins jenkins 1.416 cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
jenkins jenkins 1.417 cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
jenkins jenkins 1.418 cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
jenkins jenkins 1.419 cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
jenkins jenkins 1.420 cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
jenkins jenkins 1.421 cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
jenkins jenkins 1.422 cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
jenkins jenkins 1.423 cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
jenkins jenkins 1.424 cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
jenkins jenkins 1.425 cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
jenkins jenkins 1.426 cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
jenkins jenkins 1.427 cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
jenkins jenkins 1.428 cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
jenkins jenkins 1.429 cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
jenkins jenkins 1.430 cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
jenkins jenkins 1.431 cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
jenkins jenkins 1.432 cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
jenkins jenkins 1.433 cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
jenkins jenkins 1.434 cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
jenkins jenkins 1.435 cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
jenkins jenkins 1.436 cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
jenkins jenkins 1.437 cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*
cloudbees jenkins 1.447.1.1 cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.447.2.2 cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.447.3.1 cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.0.2 cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.0.4 cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.1.1 cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.2.1 cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.4.1 cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.5.1 cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.6.1 cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.424.6.11 cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.466.1.2 cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.466.2.1 cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*
cloudbees jenkins 1.400 cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*
cloudbees jenkins 1.424 cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*
cloudbees jenkins 1.447 cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*
jenkins jenkins <= 1.466.2 cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
jenkins jenkins 1.409.1 cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
jenkins jenkins 1.409.2 cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
jenkins jenkins 1.409.3 cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*
jenkins jenkins 1.424.1 cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*
jenkins jenkins 1.424.2 cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*
jenkins jenkins 1.424.3 cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*
jenkins jenkins 1.424.4 cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*
jenkins jenkins 1.424.5 cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*
jenkins jenkins 1.424.6 cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*
jenkins jenkins 1.447.1 cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*
jenkins jenkins 1.447.2 cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*
jenkins jenkins 1.466.1 cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*

References for CVE-2012-6074

cvelogic Threat Intelligence