Vulnerability details: VCID-rrwv-dzq7-9ybd
Vulnerability ID VCID-rrwv-dzq7-9ybd
Aliases CVE-2013-2034
GHSA-fg4r-f9j2-36mw
Summary Jenkins Cross-Site Request Forgery vulnerabilities. Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE https://access.redhat.com/errata/RHEA-2013:1032
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2013-2034
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2013-2034
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=958958
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fg4r-f9j2-36mw
generic_textual MODERATE https://issues.jenkins-ci.org/browse/SECURITY-63
generic_textual MODERATE https://issues.jenkins-ci.org/browse/SECURITY-69
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-2034
generic_textual MODERATE https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
generic_textual MODERATE http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.55955
EPSS Score 0.00332
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:11:04.154355+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fg4r-f9j2-36mw/GHSA-fg4r-f9j2-36mw.json 38.0.0