CVE-2013-0327
Jenkins < 1.502 and LTS < 1.480.3 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.
References (5)
Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0638.html
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/02/21/7
Issue Tracking (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=914875
Various Sources (x_refsource_confirm): http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
Third Party Advisory (x_refsource_confirm): https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Scores
EPSS: 0.0024
EPSS Percentile: 47.0%
Details
CWE: CWE-352
Status: published
Products (3)
jenkins/jenkins: < 1.480.2
jenkins/jenkins: < 1.501
org.jenkins-ci.main/jenkins-core (Maven): 1.481 - 1.502
Published: Mar 19, 2013
Tracked Since: Feb 18, 2026