CVE-2013-2034

Published: 14/05/2014 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins prior to 1.514, LTS prior to 1.509.1, and Enterprise 1.466.x prior to 1.466.14.1 and 1.480.x prior to 1.480.4.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Vulnerable Product

cloudbees jenkins

cloudbees jenkins 1.466

cloudbees jenkins 1.480

cloudbees jenkins 1.509

Vendor Advisories

Debian Bug report logs - #706725: jenkins: multiple security vulnerabilities
Package: jenkins; Maintainer for jenkins is (unknown); Reported by: Nobuhiro Ban <bannobuhiro@gmail.com>; Date: Fri, 3 May 2013 18:57:02 UTC; Severity: grave; Tags: security; Found in version jenkins/14472+dfsg-3; Fixed in version jenkins/15092+d ...

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository ...