Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2020-1745 Vulnerability in maven package io.undertow:undertow-core

CVE-2019-15657 Vulnerability in maven package org.webjars.npm:eslint-utils

CVE-2023-33546 Vulnerability in maven package org.codehaus.janino:janino-parent

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.web

CVE-2022-45378 Vulnerability in maven package soap:soap

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory Patch