Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2020-7608 Vulnerability in maven package org.webjars.npm:yargs-parser
CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-persistence-elasticsearch-core
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-main