mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
98 lines
3.4 KiB
JSON
98 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2013-2034",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2014-05-14T19:55:07.403",
|
|
"lastModified": "2023-02-13T04:42:42.987",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "M\u00faltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de (1) ejecutar c\u00f3digo arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a trav\u00e9s de vectores no especificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.513",
|
|
"matchCriteriaId": "1883ADFF-74C1-4A59-8F45-392810E89E64"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466:*:*:*:enterprise:*:*:*",
|
|
"matchCriteriaId": "B055B30F-8650-419D-8A17-681FB96762E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.480:*:*:*:enterprise:*:*:*",
|
|
"matchCriteriaId": "01F691EE-11D4-47CD-A07B-1002CAAB0EA2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudbees:jenkins:1.509:*:*:*:lts:*:*:*",
|
|
"matchCriteriaId": "32675A89-01CA-4D22-9C78-9334036CC9D0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |