Miggo Logo
Miggo Vulnerability Database
CVE-2013-2034

CVE-2013-2034: Jenkins Cross-Site Request Forgery vulnerabilities

6.8

CVSS Score

Basic Information

CVE ID
CVE-2013-2034
GHSA ID
GHSA-fg4r-f9j2-36mw
EPSS Score
0.72072%
CWE
CWE-352
Published
5/17/2022
Updated
2/8/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.main:jenkins-coremaven< 1.509.11.509.1
org.jenkins-ci.main:jenkins-coremaven>= 1.513, < 1.5141.514

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis identifies two key vulnerable functions based on:

  1. CloudBees advisory explicitly names MavenAbstractArtifactRecord.doRedeploy for Maven deployment CSRF and Jenkins.doEval for code execution
  2. Red Hat Bugzilla 958958 description confirms these two endpoints as attack vectors
  3. NVD change history shows these functions in the vulnerability description
  4. These are handler methods for critical administrative actions that lacked CSRF protections in vulnerable versions
  5. Both functions would appear in stack traces when processing malicious CSRF requests to /jenkins/... endpoints

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* *ross-sit* r*qu*st *or**ry (*SR*) vuln*r**iliti*s in J*nkins ***or* *.***, LTS ***or* *.***.*, *n* *nt*rpris* *.***.x ***or* *.***.**.* *n* *.***.x ***or* *.***.*.* *llow r*mot* *tt**k*rs to *ij**k t** *ut**nti**tion o* **ministr*tors *or r*

Reasoning

T** *n*lysis i**nti*i*s two k*y vuln*r**l* *un*tions **s** on: *. *lou****s **visory *xpli*itly n*m*s M*v*n**str**t*rti***tR**or*.*oR***ploy *or M*v*n **ploym*nt *SR* *n* J*nkins.*o*v*l *or *o** *x**ution *. R** **t *u*zill* ****** **s*ription *on*i