Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2020-1745 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-15657 Vulnerability in maven package org.webjars.npm:eslint-utils
CVE-2023-33546 Vulnerability in maven package org.codehaus.janino:janino-parent
CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.web