Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2022-36364 Vulnerability in maven package org.apache.calcite.avatica:avatica-core
CVE-2022-35924 Vulnerability in npm package next-auth
CVE-2022-40150 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2021-36737 Vulnerability in maven package org.apache.portals.pluto.demo:v3-demo-portlet
CVE-2018-1328 Vulnerability in maven package org.apache.zeppelin:zeppelin