Fluid Attacks Database

Description

Jenkins allows attackers to configure restricted projects Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=1.481 <1.502 \|\| >=0 <1.480.3	1.502, 1.480.3

Aliases

1. CVE-2013-73302. NVD-2013-73303. OSV-2013-73304. GCVE-2013-7330

References

1. https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d82. https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c2623. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-144. http://www.openwall.com/lists/oss-security/2014/02/21/2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.