CVE-2013-2034
Published 2014-05-14
CVE-2013-2034: Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x…
Priority: P4 · 31 · Severity: medium · CVSS 2.0 base score: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.62% (73.1st percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudbees | jenkins | <= 1.513 | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| jenkins | jenkins_core | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
ghsa · 2022-05-17 · CVE-2013-2034 [MEDIUM] · CWE-352
Jenkins Cross-Site Request Forgery vulnerabilities
OSV
osv · 2022-05-17 · CVE-2013-2034 [MEDIUM]
Jenkins Cross-Site Request Forgery vulnerabilities
Jenkins
vendor_jenkins · 2013-05-02 · CVSS 4.3 · CVE-2013-1808 [MEDIUM]
Jenkins Security Advisory 2013-05-02
This advisory announces multiple security vulnerabilities that were found in Jenkins core.
Description
SECURITY-63 / CVE-2013-2034
This creates a cross-site request forgery (CSRF) vulnerability on the Jenkins controller, where an anonymous attacker can trick an administrator into executing arbitrary code on the Jenkins controller by having him open a specifically crafted attack URL.
There’s also a related vulnerability where the permission check on this ability is done imprecisely, which may affect those who are running Jenkins instances with a custom authorization strategy plugin.
SECURITY-67 / CVE-2013-2033
This creates a cross-site scripting (XSS) vulnera
Red Hat
vendor_redhat · 2013-05-02 · CVSS 6.8 · CVE-2013-2034 [MEDIUM] · CWE-352
Jenkins: Multiple CSRF in MavenAbstractArtifactRecord.doRedeploy and Jenkins.doEval
No detection rules found.
No public exploits indexed.