CVE-2013-2034
Jenkins < 1.514 and LTS < 1.509.1 - Cross-Site Request Forgery
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92981
Scores
EPSS
0.0162
EPSS Percentile
73.3%
Details
CWE
CWE-352
Status
published
Products (5)
cloudbees/jenkins
1.466
cloudbees/jenkins
1.480
cloudbees/jenkins
1.509
cloudbees/jenkins
< 1.513
org.jenkins-ci.main/jenkins-core
0 - 1.509.1Maven
Published
May 14, 2014
Tracked Since
Feb 18, 2026