Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mZzRyLWY5ajItMzZtd84AAdPD
Jenkins Cross-Site Request Forgery vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-fg4r-f9j2-36mwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZzRyLWY5ajItMzZtd84AAdPD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-fg4r-f9j2-36mw, CVE-2013-2034
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-2034
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
- https://access.redhat.com/errata/RHEA-2013:1032
- https://access.redhat.com/security/cve/CVE-2013-2034
- https://bugzilla.redhat.com/show_bug.cgi?id=958958
- https://issues.jenkins-ci.org/browse/SECURITY-63
- https://issues.jenkins-ci.org/browse/SECURITY-69
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
- https://github.com/advisories/GHSA-fg4r-f9j2-36mw
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 1.513, < 1.514, < 1.509.1Fixed in: 1.514, 1.509.1