CVE-2022-20612
N/A
N/A
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins | unspecified <= 2.329 | affected |
| Jenkins project | Jenkins | unspecified <= LTS 2.319.1 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
- http://www.openwall.com/lists/oss-security/2022/01/12/6
- https://www.oracle.com/security-alerts/cpuapr2022.html
References
- https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
- http://www.openwall.com/lists/oss-security/2022/01/12/6
- https://www.oracle.com/security-alerts/cpuapr2022.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.