CVE-2013-0327

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
http://rhn.redhat.com/errata/RHSA-2013-0638.html
https://bugzilla.redhat.com/show_bug.cgi?id=914875
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
http://www.openwall.com/lists/oss-security/2013/02/21/7

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Information

Published : 2013-03-19 07:55

Updated : 2023-02-12 20:41

NVD link : CVE-2013-0327

Mitre link : CVE-2013-0327

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

jenkins

jenkins

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html", "name": "RHSA-2013:0638", "tags": [], "refsource": "REDHAT"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914875", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914875", "tags": [], "refsource": "MISC"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7", "name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0327", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-03-19T14:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.501"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.480.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:41Z"}