fkie_nvd - fkie_cve-2013-2034

fkie_cve-2013-2034

Vulnerability from fkie_nvd

Published

2014-05-14 19:55

Modified

2024-11-21 01:50

Severity ?

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://osvdb.org/92981
secalert@redhat.com	http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/92981
af854a3a-2127-422b-91ae-364da2661108	http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb	Vendor Advisory

Impacted products

Vendor	Product	Version
cloudbees	jenkins	*
cloudbees	jenkins	1.466
cloudbees	jenkins	1.480
cloudbees	jenkins	1.509

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1883ADFF-74C1-4A59-8F45-392810E89E64",
              "versionEndIncluding": "1.513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudbees:jenkins:1.466:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B055B30F-8650-419D-8A17-681FB96762E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudbees:jenkins:1.480:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01F691EE-11D4-47CD-A07B-1002CAAB0EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudbees:jenkins:1.509:*:*:*:lts:*:*:*",
              "matchCriteriaId": "32675A89-01CA-4D22-9C78-9334036CC9D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de (1) ejecutar c\u00f3digo arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-2034",
  "lastModified": "2024-11-21T01:50:54.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-14T19:55:07.403",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/92981"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/92981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-2034

Vulnerability from cvelistv5

Published

2014-05-14 19:00

Modified

2024-08-06 15:20