Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, and LTS 2.319.1 and earlier, allows attackers to trigger a build of a job without parameters when no security realm is set.
Remediation
References
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2021-1628 Vulnerability in maven package org.mule.runtime:mule
CVE-2022-23302 Vulnerability in maven package log4j:log4j
CVE-2021-41164 Vulnerability in maven package org.webjars.npm:ckeditor4
CVE-2021-41086 Vulnerability in npm package jsuites
CVE-2018-3774 Vulnerability in maven package org.webjars.npm:url-parse