CVE-2013-2033
published 2014-04-10
CVE-2013-2033: Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1…
Priority P4 · 12 · low · 2.1 CVSS 2.0
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS 1.86% (76.6th percentile)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudbees | jenkins | >= 1.466 < 1.466.14.1 | 1.466.14.1 |
| cloudbees | jenkins | >= 1.480 < 1.480.4.1 | 1.480.4.1 |
| jenkins | jenkins | < 1.509.1 | 1.509.1 |
| jenkins | jenkins | < 1.514 | 1.514 |
| jenkins | jenkins_core | — | — |
CVSS provenance
nvd · v2.0 · 2.1 LOW · AV:N/AC:H/Au:S/C:N/I:P/A:N
vendor_redhat · 2.1 LOW
OSV
Jenkins vulnerable to Cross-site Scripting
osv·2022-05-14
CVE-2013-2033 [MEDIUM] Jenkins vulnerable to Cross-site Scripting
GHSA
Jenkins vulnerable to Cross-site Scripting
ghsa·2022-05-14
CVE-2013-2033 [MEDIUM] CWE-79 Jenkins vulnerable to Cross-site Scripting
Red Hat
Jenkins: Build Description XSS
vendor_redhat·2013-05-02·CVSS 2.1
CVE-2013-2033 [LOW] CWE-79 Jenkins: Build Description XSS
Jenkins
Jenkins Security Advisory 2013-05-02
vendor_jenkins·2013-05-02·CVSS 4.3
CVE-2013-1808 [MEDIUM] Jenkins Security Advisory 2013-05-02
This advisory announces multiple security vulnerabilities that were found in Jenkins core.
Description
SECURITY-63 / CVE-2013-2034
This creates a cross-site request forgery (CSRF) vulnerability on the Jenkins controller, where an anonymous attacker can trick an administrator into executing arbitrary code on the Jenkins controller by having them open a specially crafted attack URL.
There’s also a related vulnerability where the permission check on this ability is done imprecisely, which may affect those who are running Jenkins instances with a custom authorization strategy plugin.
SECURITY-67 / CVE-2013-2033
This creates a cross-site scripting (XSS) vulnera
No detection rules found.
No public exploits indexed.
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004