CVE-2013-7330 - Vulnerability Details - OpenCVE

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Jenkins
Redhat	Openshift

Configuration 1 [-]

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Enterprise 2.1
jenkins-0:1.565.3-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:1630	2014-10-14T00:00:00Z
jenkins-plugin-openshift-0:0.6.40.1-0.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:1630	2014-10-14T00:00:00Z
openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHBA-2014:1630	2014-10-14T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-4072	Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
Github GHSA	GHSA-h5jv-hg68-mjhg	Jenkins allows attackers to configure restricted projects

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2014/02/21/2
https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
https://nvd.nist.gov/vuln/detail/CVE-2013-7330
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
https://www.cve.org/CVERecord?id=CVE-2013-7330

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-10-17T15:00:00

Updated: 2024-08-06T18:01:20.330Z

Reserved: 2014-02-20T00:00:00

Link: CVE-2013-7330

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-17T15:55:05.463

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-7330

Redhat

Severity : Moderate

Publid Date: 2014-02-11T00:00:00Z

Links: CVE-2013-7330 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-09T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"}, {"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2013-7330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8", "refsource": "CONFIRM", "url": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"}, {"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"}, {"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "refsource": "CONFIRM", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"}, {"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2013-7330", "datePublished": "2014-10-17T15:00:00", "dateReserved": "2014-02-20T00:00:00", "dateUpdated": "2024-08-06T18:01:20.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "matchCriteriaId": "5815F006-F668-40CD-B26C-AF3F9AD2C7F9", "versionEndIncluding": "1.501", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions."}, {"lang": "es", "value": "Jenkins en versiones anteriores a 1.502 permite a usuarios remotos autenticados configurar un proyecto restringido de otro modo a trav\u00e9s de vectores relacionados con acciones post-build."}], "id": "CVE-2013-7330", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-17T15:55:05.463", "references": [{"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}