Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Remediation
References
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2022-24785 Vulnerability in maven package org.fujion.webjars:moment
CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-24772 Vulnerability in npm package node-forge
CVE-2023-28679 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2020-2283 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner