CVE-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger a build of a job without parameters when no security realm is set.
Published at: 2022-01-12
Modified: 2022-01-12
References:
- CONFIRM: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
- MLIST: [oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins, http://www.openwall.com/lists/oss-security/2022/01/12/6
Vulnerability RAW
{
  "Title": {
    "_text": "CVE-2022-20612"
  },
  "Notes": {
    "Note": [
      {
        "_text": "A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set."
      },
      {
        "_text": "2022-01-12"
      },
      {
        "_text": "2022-01-12"
      }
    ]
  },
  "CVE": {
    "_text": "CVE-2022-20612"
  },
  "References": {
    "Reference": [
      {
        "URL": {
          "_text": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558"
        },
        "Description": {
          "_text": "CONFIRM:https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558"
        }
      },
      {
        "URL": {
          "_text": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
        },
        "Description": {
          "_text": "MLIST:[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins"
        }
      }
    ]
  }
}