Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

CVE-2022-20612

Related Vulnerabilities

Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

WordPress Plugin Video Lessons Manager-Video Lessons LMS for eLearning Site Cross-Site Scripting (3.5.8)

markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2022-21670)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)

Severity

Medium

Classification

CVE-2022-20612 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities