CVE-2013-2034 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.509.1 || >=1.513 <1.514

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00745 pctl0.72143

Details

Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Metadata

Created: 2022-05-17T03:51:00Z
Modified: 2023-02-08T17:54:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fg4r-f9j2-36mw/GHSA-fg4r-f9j2-36mw.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-fg4r-f9j2-36mw
Finding: F007
Auto approve: 1