Jenkins CVE-2013-0329 Cross Site Request Forgery Vulnerability

Bugtraq ID:	58456
Class:	Design Error
CVE:	CVE-2013-0329
Remote:	Yes
Local:	No
Published:	Feb 17 2013 12:00AM
Updated:	Mar 19 2015 09:46AM
Credit:	The vendor reported this issue.
Vulnerable:
Not Vulnerable:

Jenkins CVE-2013-0329 Cross Site Request Forgery Vulnerability

Jenkins is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions and gain access to the affected application. Other attacks are also possible.

Versions prior to Jenkins 1.480.3 and 1.502 are vulnerable.

Jenkins CVE-2013-0329 Cross Site Request Forgery Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

Jenkins CVE-2013-0329 Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.