Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-31408 Vulnerability in maven package com.vaadin:flow-client

CVE-2020-7676 Vulnerability in npm package angular

CVE-2023-50778 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-proxy

CVE-2020-1935 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Medium

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory Patch