Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-21695 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-24818 Vulnerability in maven package org.geotools:gt-metadata

CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin

CVE-2021-21379 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-wikimacro-store

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-service

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory Patch