Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Remediation

References

CVE-2022-20612

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2033)

WordPress Plugin WangGuard Cross-Site Scripting (1.7.1)

WordPress Plugin Rezgo Online Booking Cross-Site Scripting (1.8.6)

Drupal Core 5.x SQL Injection (5.0 - 5.3)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2004-2756)

Severity

Medium

Classification

CVE-2022-20612 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities