Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2019-10313 Vulnerability in maven package org.jenkins-ci.plugins:twitter

CVE-2020-36187 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2023-50164 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2020-6541 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-36034 Vulnerability in npm package nitrado.js

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory Patch