CVE-2013-2034: Jenkins Cross-Site Request Forgery vulnerabilities
CVSS Score: 6.8
Basic Information
CVE ID: CVE-2013-2034
GHSA ID:
EPSS Score: 0.72072%
CWE:
Published: 5/17/2022
Updated: 2/8/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | < 1.509.1 | 1.509.1 |
| org.jenkins-ci.main:jenkins-core | maven | >= 1.513, < 1.514 | 1.514 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The analysis identifies two key vulnerable functions based on:
- CloudBees advisory explicitly names MavenAbstractArtifactRecord.doRedeploy for Maven deployment CSRF and Jenkins.doEval for code execution
- Red Hat Bugzilla 958958 description confirms these two endpoints as attack vectors
- NVD change history shows these functions in the vulnerability description
- These are handler methods for critical administrative actions that lacked CSRF protections in vulnerable versions
- Both functions would appear in stack traces when processing malicious CSRF requests to /jenkins/... endpoints