CVE-2013-2034

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

How to fix CVE-2013-2034

To remediate CVE-2013-2034, upgrade the affected package to a fixed version below.

• Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.509.1 or later

Is CVE-2013-2034 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.509.1

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-2034
• WEBaccess.redhat.com/errata/RHEA-2013:1032
• WEBaccess.redhat.com/security/cve/CVE-2013-2034
• WEBbugzilla.redhat.com/show_bug.cgi?id=958958
• WEB