CVE-2022-20612
MEDIUM4.3EPSS 0.20%Cross-Site Request Forgery in Jenkins
Published: 1/21/2022Modified: 4/3/2025
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Affected packages (2)
- Bitnami/jenkinsfrom 0, < 2.329.1
- Maven/org.jenkins-ci.main:jenkins-core>= 2.320, < 2.330
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-20612
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttps://github.com/jenkinsci/jenkins/commit/b5c3764681f3b4ce83d0e78f6a9327925640d57e
- WEBhttps://www.jenkins.io/changelog-stable/#v2.319.2
- WEBhttps://www.jenkins.io/changelog/#v2.330
- WEBhttps://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
- WEBhttps://www.oracle.com/security-alerts/cpuapr2022.html
- WEBhttp://www.openwall.com/lists/oss-security/2022/01/12/6