Jenkins Cross-Site Request Forgery vulnerabilities
Moderate severity
GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Feb 8, 2023
Package
Affected versions: < 1.509.1; >= 1.513, < 1.514
Patched versions: 1.509.1; 1.514
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
Published by the National Vulnerability Database: May 14, 2014
Published to the GitHub Advisory Database: May 17, 2022
Reviewed: Feb 8, 2023
Last updated: Feb 8, 2023