Lucene search

K
cve[email protected]CVE-2013-2034
HistoryMay 14, 2014 - 7:55 p.m.

CVE-2013-2034

2014-05-1419:55:07
CWE-352
web.nvd.nist.gov
38
jenkins
csrf
vulnerability
1.514
nvd
cve-2013-2034

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.0%

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Affected configurations

NVD
Node
cloudbeesjenkinsRange1.513
OR
cloudbeesjenkinsMatch1.466enterprise
OR
cloudbeesjenkinsMatch1.480enterprise
OR
cloudbeesjenkinsMatch1.509lts

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.0%