CVE-2013-2034

Jenkins < 1.514 and LTS < 1.509.1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/92981

Scores

EPSS 0.0162
EPSS Percentile 73.3%

Details

CWE
CWE-352
Status published
Products (5)
cloudbees/jenkins 1.466
cloudbees/jenkins 1.480
cloudbees/jenkins 1.509
cloudbees/jenkins < 1.513
org.jenkins-ci.main/jenkins-core 0 - 1.509.1Maven
Published May 14, 2014
Tracked Since Feb 18, 2026