CVE-2022-20612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2019-1003081 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2022-21676 Vulnerability in npm package engine.io

CVE-2021-21348 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-42575 Vulnerability in maven package com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer

CVE-2022-38369 Vulnerability in maven package org.apache.iotdb:iotdb-server

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N