Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mZzRyLWY5ajItMzZtd84AAdPD

Jenkins Cross-Site Request Forgery vulnerabilities

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Permalink: https://github.com/advisories/GHSA-fg4r-f9j2-36mw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZzRyLWY5ajItMzZtd84AAdPD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


EPSS Percentage: 0.00237
EPSS Percentile: 0.62509

Identifiers: GHSA-fg4r-f9j2-36mw, CVE-2013-2034
References:
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 1.513, < 1.514, < 1.509.1
Fixed in: 1.514, 1.509.1