CVE-2013-6372
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 18.8%
EPSS: 2026-05-06
Affects
jenkins-ci:subversion-pluginTechnical description
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Published: 5/8/2014, 2:29:11 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1032391
- https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
- https://bugzilla.redhat.com/show_bug.cgi?id=1032391
- https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20