CVE-2013-2034 — Cross-Site Request Forgery in Jenkins
Severity
6.8 MEDIUM (NVD)
EPSS
0.3%
top 43.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 14
Latest update: May 17
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 1 package
Bugzilla
CVE-2013-2034 Jenkins: Multiple CSRF in MavenAbstractArtifactRecord.doRedeploy and Jenkins.doEval (2013-05-02)