Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-23452 Vulnerability in npm package x-assign

CVE-2022-24819 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-26116 Vulnerability in npm package angular

CVE-2020-6464 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-7690 Vulnerability in maven package org.webjars.npm:jspdf

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory Patch