CVE-2013-0330
Description
Authenticated users with write access could trigger builds of arbitrary jobs in Jenkins before 1.502 and LTS before 1.480.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2013-0330 is an unspecified vulnerability in Jenkins that allows remote authenticated users with write access to build arbitrary jobs. Affected versions include Jenkins before 1.502 and Jenkins LTS before 1.480.3. The issue is triggered via unknown attack vectors, as described in the official CVE description [2]. References from Red Hat indicate that a flaw could allow a Jenkins user to build jobs they do not have access to [1][4].
Exploitation
An attacker must have a valid Jenkins account with write access to the system. No additional conditions such as race window timing or user interaction are required based on available references. The exact sequence of steps is not specified, but the attacker leverages missing or insufficient authorization checks to initiate builds of jobs not normally permitted [1][4].
Impact
Successful exploitation allows the attacker to build arbitrary jobs without proper authorization. This can lead to unauthorized execution of build logic, potentially resulting in code execution, data exposure, or unintended resource consumption. The privilege level achieved is that of a user with write access, but the attacker can perform actions beyond their intended scope [1][4].
Mitigation
Jenkins administrators should upgrade to Jenkins version 1.502 or later, or Jenkins LTS version 1.480.3 or later, which contain the fix for this vulnerability. For Red Hat OpenShift Enterprise users, updating to version 1.1.2 addresses the issue, as noted in RHSA-2013:0638 [1]. No workaround is provided for unpatched versions, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.main:jenkins-core (Maven) | >= 1.481, < 1.502 | 1.502 |
| org.jenkins-ci.main:jenkins-core (Maven) | < 1.480.3 | 1.480.3 |
Affected products
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* (range: <=1.501)
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* (range: <=1.480.2)
Patches
No patches discovered yet.
References
- www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb (source: nvd; Vendor Advisory; WEB)
- github.com/advisories/GHSA-25c5-58xw-hw5q (source: ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-0330 (source: ghsa; ADVISORY)
- rhn.redhat.com/errata/RHSA-2013-0638.html (source: nvd; WEB)
- www.openwall.com/lists/oss-security/2013/02/21/7 (source: nvd; WEB)
- bugzilla.redhat.com/show_bug.cgi (source: nvd; WEB)
- web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994 (source: ghsa; WEB)
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 (source: nvd; WEB)
- www.securityfocus.com/bid/57994 (source: nvd)