CVE-2013-0327 — Jenkins Cross-Site Request Forgery vulnerability

Description

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.

How to fix CVE-2013-0327

To remediate CVE-2013-0327, upgrade the affected package to a fixed version below.

Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.502 or later

Is CVE-2013-0327 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 1.481, < 1.502

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-0327
WEBrhn.redhat.com/errata/RHSA-2013-0638.html
WEBaccess.redhat.com/errata/RHSA-2013:0638
WEBaccess.redhat.com/security/cve/CVE-2013-0327
WEB