Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kwt4-b76w-tfas

Summary

Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.

Aliases

alias	CVE-2013-0327

alias	GHSA-rqhg-cxfr-8xqw

Fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.3
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.502
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.502
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.502

Affected_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@1.481

purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.481

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e6j-926u-kbhz

vulnerability	VCID-59k5-93zx-17dn

vulnerability	VCID-b4dc-bc34-jfdz

vulnerability	VCID-e9c4-wjkd-4kgp

vulnerability	VCID-ka2b-nyb7-s3c7

vulnerability	VCID-kwt4-b76w-tfas

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-ntb4-3udv-s7fv

vulnerability	VCID-ruc8-365z-b7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.481

url pkg:rpm/redhat/jenkins@1.502-1?arch=el6op

purl pkg:rpm/redhat/jenkins@1.502-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-59k5-93zx-17dn

vulnerability	VCID-9wdu-x7wy-tkf4

vulnerability	VCID-ka2b-nyb7-s3c7

vulnerability	VCID-kwt4-b76w-tfas

vulnerability	VCID-ntb4-3udv-s7fv

vulnerability	VCID-y12d-fjpf-uubh

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.502-1%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jenkins-1.4@1.0.3-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jenkins-1.4@1.0.3-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-59k5-93zx-17dn

vulnerability	VCID-9wdu-x7wy-tkf4

vulnerability	VCID-ka2b-nyb7-s3c7

vulnerability	VCID-kwt4-b76w-tfas

vulnerability	VCID-ntb4-3udv-s7fv

vulnerability	VCID-y12d-fjpf-uubh

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins-1.4@1.0.3-1%3Farch=el6op

url pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4?arch=el6

purl pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-59k5-93zx-17dn

vulnerability	VCID-9wdu-x7wy-tkf4

vulnerability	VCID-ka2b-nyb7-s3c7

vulnerability	VCID-kwt4-b76w-tfas

vulnerability	VCID-ntb4-3udv-s7fv

vulnerability	VCID-y12d-fjpf-uubh

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4%3Farch=el6

url pkg:rpm/redhat/rubygem-rack@1:1.3.0-4?arch=el6op

purl pkg:rpm/redhat/rubygem-rack@1:1.3.0-4?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r79-ts6t-hufh

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-59k5-93zx-17dn

vulnerability	VCID-5ey2-dm5w-y7a6

vulnerability	VCID-9wdu-x7wy-tkf4

vulnerability	VCID-c883-yge1-yygb

vulnerability	VCID-ka2b-nyb7-s3c7

vulnerability	VCID-kwt4-b76w-tfas

vulnerability	VCID-ntb4-3udv-s7fv

vulnerability	VCID-rrwv-dzq7-9ybd

vulnerability	VCID-s2ka-cp49-q3hz

vulnerability	VCID-vnm4-gfjh-8qa7

vulnerability	VCID-xenc-mfdw-mucm

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-z46p-c93u-auav

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-rack@1:1.3.0-4%3Farch=el6op

References

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0638.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0638.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0638

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0638

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0327

reference_id

reference_type

scores

value	0.00239
scoring_system	epss
scoring_elements	0.47034
published_at	2026-04-13T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47053
published_at	2026-04-11T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47086
published_at	2026-04-18T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4709
published_at	2026-04-16T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47033
published_at	2026-04-08T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47029
published_at	2026-04-09T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46976
published_at	2026-04-01T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47027
published_at	2026-04-12T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47012
published_at	2026-04-02T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47031
published_at	2026-04-04T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46979
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0327

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=914875

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=914875

reference_url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

reference_url

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb

reference_url

http://www.openwall.com/lists/oss-security/2013/02/21/7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/21/7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://access.redhat.com/security/cve/CVE-2013-0327

reference_id

CVE-2013-0327

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0327

reference_id

CVE-2013-0327

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0327

reference_url

https://github.com/advisories/GHSA-rqhg-cxfr-8xqw

reference_id

GHSA-rqhg-cxfr-8xqw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rqhg-cxfr-8xqw

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	352
name	Cross-Site Request Forgery (CSRF)
description	The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwt4-b76w-tfas

Vulnerability Instance