{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-09T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"}, {"name": "92981", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/92981"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.470Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"}, {"name": "92981", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/92981"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2034", "datePublished": "2014-05-14T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.470Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*", "matchCriteriaId": "1883ADFF-74C1-4A59-8F45-392810E89E64", "versionEndIncluding": "1.513", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbees:jenkins:1.466:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B055B30F-8650-419D-8A17-681FB96762E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbees:jenkins:1.480:*:*:*:enterprise:*:*:*", "matchCriteriaId": "01F691EE-11D4-47CD-A07B-1002CAAB0EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbees:jenkins:1.509:*:*:*:lts:*:*:*", "matchCriteriaId": "32675A89-01CA-4D22-9C78-9334036CC9D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones de (1) ejecutar c\u00f3digo arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-2034", "lastModified": "2023-02-13T04:42:42.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-14T19:55:07.403", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/92981"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "atlas-0:3.8.4-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "facter-0:1.6.6-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "gd-0:2.0.35-11.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "gdbm-0:1.8.0-36.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "geos-0:3.3.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ghostscript-0:8.70-15.el6_4.1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "haproxy-0:1.4.22-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ImageMagick-0:6.5.4.7-6.el6_2", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "jasper-0:1.900.1-15.el6_1.1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "jboss-eap6-index-0:6.0.0.GA-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "jboss-eap6-modules-0:6.0.0.GA-8.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "jenkins-0:1.509.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "jenkins-plugin-openshift-0:0.6.19-0.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "js-0:1.70-12.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "lapack-0:3.2.1-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "lcms-0:1.19-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "libc-client-0:2007e-11.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "libcgroup-0:0.37-7.2.el6_4", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "libmcrypt-0:2.5.8-10.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-0:0.6.20-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-async-0:0.1.16-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-commander-0:0.6.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-mkdirp-0:0.3.0-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-optimist-0:0.3.5-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-options-0:0.0.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-supervisor-0:0.4.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-tinycolor-0:0.0.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-wordwrap-0:0.0.2-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "nodejs-ws-0:0.4.22-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-cron-0:1.7.6-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-cron-1.4-0:1.9.1-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-diy-0:0.4.8-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-haproxy-0:0.4.10-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-jbossews-0:0.4.7-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-jenkins-0:1.9.8-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-jenkins-client-0:1.8.6-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-mock-0:0.4.7-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-mock-plugin-0:0.4.5-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-mysql-0:0.3.7-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-perl-0:0.4.8-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-php-0:0.4.9-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-postgresql-0:0.2.7-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-python-0:0.4.8-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-cartridge-ruby-0:0.4.9-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-msg-node-mcollective-0:1.9.3-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-node-proxy-0:0.9.2-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-node-util-0:1.9.9-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-port-proxy-0:1.6.4-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "org.apache.maven-maven-0:3.0.3-4", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "pam_openshift-0:1.6.1-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-App-cpanminus-0:1.4008-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-Accessor-0:0.31-6.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-Data-Inheritable-0:0.08-3.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-DBI-0:3.0.17-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-DBI-Pg-0:0.09-9.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-Factory-Util-0:1.7-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Class-Trigger-0:0.13-2.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Clone-0:0.31-3.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-DateTime-Format-Builder-0:0.7901-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-DateTime-Format-Pg-0:0.16004-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-DateTime-Format-Strptime-0:1.1000-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-DBIx-ContextualFetch-0:1.03-7.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-Ima-DBI-0:0.35-7.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-IO-stringy-0:2.110-10.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-JSON-0:2.15-5.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-UNIVERSAL-moniker-0:0.08-9.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "perl-YAML-0:0.70-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-0:5.3.3-22.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-extras-0:5.3.3-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-pear-MDB2-0:2.5.0-0.3.b3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-pear-MDB2-Driver-pgsql-0:1.5.0-0.1.b3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-pecl-imagick-0:2.2.2-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-pecl-xdebug-0:2.1.4-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "php-php-gettext-0:1.0.11-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "postgis-0:1.5.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "postgresql-ip4r-0:1.05-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "proj-0:4.7.0-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "python-virtualenv-0:1.7-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-facter-0:1.6.6-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-js-1:1.8.5-10.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-bacon-0:1.1.0-8.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-bcrypt-ruby-0:3.0.1-7.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-commander-0:4.0.3-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-daemon_controller-0:1.1.0-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-daemons-0:1.0.10-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-fakeweb-0:1.3.0-8.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-fastthread-0:1.0.7-7.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-highline-0:1.6.16-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-http_connection-0:1.4.1-7.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-introspection-0:0.0.2-7.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-json_pure-0:1.7.3-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-metaclass-0:0.0.1-8.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-mocha-0:0.12.10-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-pg-0:0.12.2-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rspec-0:2.11.0-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rspec-core-0:2.11.1-1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rspec-expectations-0:2.11.1-2", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rspec-mocks-0:2.11.1-1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-ruby2ruby-0:1.3.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sinatra-1:1.3.2-11.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sqlite3-0:1.3.6-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-test_declarative-0:0.0.5-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-ZenTest-0:4.8.1-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-ruby-mysql-0:2.8.2-8.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-ruby-selinux-0:2.0.94-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-bson-0:1.8.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-bson_ext-0:1.8.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-builder-0:2.1.2-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-bundler-0:1.0.21-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-diff-lcs-0:1.1.2-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-fastthread-0:1.0.7-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-nokogiri-0:1.4.3.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-open4-0:1.3.0-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-node-0:1.9.13-1.2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-ParseTree-0:3.0.5-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-passenger-0:3.0.17-2.el6op.1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-rack-1:1.3.0-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-rake-0:0.8.7-2.1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-ruby2ruby-0:1.2.4-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-RubyInline-0:3.8.4-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-ruby_parser-0:2.0.4-6.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-sexp_processor-0:3.0.4-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-sqlite3-0:1.3.3-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-thor-0:0.14.6-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-thread-dump-0:0.0.5-93.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-ZenTest-0:4.3.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby-mysql-0:2.8.2-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby-RMagick-0:2.13.1-6.el6op.1", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1032", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "uuid-0:1.6.1-10.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}], "bugzilla": {"description": "Jenkins: Multiple CSRF in MavenAbstractArtifactRecord.doRedeploy and Jenkins.doEval", "id": "958958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958958"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-352", "details": ["Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."], "name": "CVE-2013-2034", "public_date": "2013-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2034\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2034\nhttps://issues.jenkins-ci.org/browse/SECURITY-63\nhttps://issues.jenkins-ci.org/browse/SECURITY-69\nhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02"], "threat_severity": "Important"}