Jenkins Cross-Site Request Forgery vulnerabilities

GHSA-fg4r-f9j2-36mw · CVE-2013-2034

Published May 17, 2022 · Modified Dec 4, 2024

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-2034
WEB https://access.redhat.com/errata/RHEA-2013:1032
WEB https://access.redhat.com/security/cve/CVE-2013-2034
WEB https://bugzilla.redhat.com/show_bug.cgi?id=958958
WEB https://issues.jenkins-ci.org/browse/SECURITY-63
WEB https://issues.jenkins-ci.org/browse/SECURITY-69
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes