Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier, allows attackers to trigger a build of a job without parameters when no security realm is set.
Remediation
References
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2020-6423 Vulnerability in npm package electron
CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2013-3827 Vulnerability in maven package com.sun.faces:jsf-impl
CVE-2022-4742 Vulnerability in npm package json-pointer
CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer