CVE-2013-2034

2014-05-1419:55:07

CWE-352

[email protected]

web.nvd.nist.gov

jenkins

csrf

vulnerability

1.514

nvd

cve-2013-2034

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Affected configurations

NVD

Node

cloudbeesjenkinsRange≤1.513

cloudbeesjenkinsMatch1.466enterprise

cloudbeesjenkinsMatch1.480enterprise

cloudbeesjenkinsMatch1.509lts

CPENameOperatorVersion
cloudbees:jenkinscloudbees jenkinsle1.513
cloudbees:jenkinscloudbees jenkinseq1.466
cloudbees:jenkinscloudbees jenkinseq1.480
cloudbees:jenkinscloudbees jenkinseq1.509

CPE	Name	Operator	Version
cloudbees:jenkins	cloudbees jenkins	le	1.513
cloudbees:jenkins	cloudbees jenkins	eq	1.466
cloudbees:jenkins	cloudbees jenkins	eq	1.480
cloudbees:jenkins	cloudbees jenkins	eq	1.509