CVE-2013-6372

Exp

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

Published: 2014-05-08 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2013-6372 is rated Exploit Available (50/100): CVSS Low severity, with low exploitation likelihood (EPSS 0.50%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-6372

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-6372

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.14% 0.50% +0.35%
2 2025-03-17 0.04% 0.14% +0.10%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-6372

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
3.9 2.9 [email protected]

Weakness enumeration for CVE-2013-6372

GitHub Security Advisory for CVE-2013-6372

GHSA-c4fr-gx5w-8qf2 · Severity: medium · Ecosystem: maven — Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

OS Trackers for CVE-2013-6372

vendor priority summary link
redhat low https://access.redhat.com/security/cve/CVE-2013-6372
ubuntu low CVE-2013-6372 low priority: Ubuntu including 1 source packages (jenkins), 6 status rows across 6 suites (lucid, precise, quantal, saucy, trusty, upstream): not-affected 3, DNE 2, released 1. https://ubuntu.com/security/CVE-2013-6372

Affected software / configurations for CVE-2013-6372

Vendor Product Version Raw CPE
jenkins-ci subversion-plugin <= 1.53 cpe:2.3:a:jenkins-ci:subversion-plugin:*:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.0 cpe:2.3:a:jenkins-ci:subversion-plugin:1.0:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.1 cpe:2.3:a:jenkins-ci:subversion-plugin:1.1:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.2 cpe:2.3:a:jenkins-ci:subversion-plugin:1.2:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.3 cpe:2.3:a:jenkins-ci:subversion-plugin:1.3:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.4 cpe:2.3:a:jenkins-ci:subversion-plugin:1.4:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.5 cpe:2.3:a:jenkins-ci:subversion-plugin:1.5:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.6 cpe:2.3:a:jenkins-ci:subversion-plugin:1.6:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.7 cpe:2.3:a:jenkins-ci:subversion-plugin:1.7:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.8 cpe:2.3:a:jenkins-ci:subversion-plugin:1.8:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.9 cpe:2.3:a:jenkins-ci:subversion-plugin:1.9:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.10 cpe:2.3:a:jenkins-ci:subversion-plugin:1.10:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.11 cpe:2.3:a:jenkins-ci:subversion-plugin:1.11:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.12 cpe:2.3:a:jenkins-ci:subversion-plugin:1.12:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.13 cpe:2.3:a:jenkins-ci:subversion-plugin:1.13:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.14 cpe:2.3:a:jenkins-ci:subversion-plugin:1.14:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.15 cpe:2.3:a:jenkins-ci:subversion-plugin:1.15:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.16 cpe:2.3:a:jenkins-ci:subversion-plugin:1.16:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.17 cpe:2.3:a:jenkins-ci:subversion-plugin:1.17:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.18 cpe:2.3:a:jenkins-ci:subversion-plugin:1.18:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.19 cpe:2.3:a:jenkins-ci:subversion-plugin:1.19:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.20 cpe:2.3:a:jenkins-ci:subversion-plugin:1.20:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.21 cpe:2.3:a:jenkins-ci:subversion-plugin:1.21:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.22 cpe:2.3:a:jenkins-ci:subversion-plugin:1.22:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.23 cpe:2.3:a:jenkins-ci:subversion-plugin:1.23:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.24 cpe:2.3:a:jenkins-ci:subversion-plugin:1.24:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.25 cpe:2.3:a:jenkins-ci:subversion-plugin:1.25:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.26 cpe:2.3:a:jenkins-ci:subversion-plugin:1.26:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.27 cpe:2.3:a:jenkins-ci:subversion-plugin:1.27:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.28 cpe:2.3:a:jenkins-ci:subversion-plugin:1.28:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.29 cpe:2.3:a:jenkins-ci:subversion-plugin:1.29:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.30 cpe:2.3:a:jenkins-ci:subversion-plugin:1.30:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.31 cpe:2.3:a:jenkins-ci:subversion-plugin:1.31:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.32 cpe:2.3:a:jenkins-ci:subversion-plugin:1.32:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.33 cpe:2.3:a:jenkins-ci:subversion-plugin:1.33:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.34 cpe:2.3:a:jenkins-ci:subversion-plugin:1.34:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.35 cpe:2.3:a:jenkins-ci:subversion-plugin:1.35:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.36 cpe:2.3:a:jenkins-ci:subversion-plugin:1.36:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.37 cpe:2.3:a:jenkins-ci:subversion-plugin:1.37:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.38 cpe:2.3:a:jenkins-ci:subversion-plugin:1.38:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.39 cpe:2.3:a:jenkins-ci:subversion-plugin:1.39:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.40 cpe:2.3:a:jenkins-ci:subversion-plugin:1.40:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.41 cpe:2.3:a:jenkins-ci:subversion-plugin:1.41:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.42 cpe:2.3:a:jenkins-ci:subversion-plugin:1.42:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.43 cpe:2.3:a:jenkins-ci:subversion-plugin:1.43:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.44 cpe:2.3:a:jenkins-ci:subversion-plugin:1.44:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.45 cpe:2.3:a:jenkins-ci:subversion-plugin:1.45:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.46 cpe:2.3:a:jenkins-ci:subversion-plugin:1.46:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.47 cpe:2.3:a:jenkins-ci:subversion-plugin:1.47:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.48 cpe:2.3:a:jenkins-ci:subversion-plugin:1.48:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.49 cpe:2.3:a:jenkins-ci:subversion-plugin:1.49:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.50 cpe:2.3:a:jenkins-ci:subversion-plugin:1.50:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.51 cpe:2.3:a:jenkins-ci:subversion-plugin:1.51:*:*:*:*:*:*:*
jenkins-ci subversion-plugin 1.52 cpe:2.3:a:jenkins-ci:subversion-plugin:1.52:*:*:*:*:*:*:*

References for CVE-2013-6372

cvelogic Threat Intelligence