CVE-2022-20612
MEDIUM
Jenkins LTS 2.319.1 and earlier, weekly 2.329 and earlier - Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger a build of a job that has no parameters when no security realm is set. Both preconditions apply: the target job must be parameterless, and the instance must have no security realm configured. The CVSS vector below reflects the CSRF shape of the issue: no privileges are required (PR:N), but user interaction is (UI:R), because the forged request has to be issued by a victim's browser.
References (3)
Vendor Advisory (x_refsource_confirm): https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
Mailing List, Third Party Advisory (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2022/01/12/6
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/security-alerts/cpuapr2022.html
Scores
CVSS v3
4.3
EPSS
0.0020
EPSS Percentile
41.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (4)
jenkins/jenkins (LTS): 2.319.1 and earlier
jenkins/jenkins (weekly): 2.329 and earlier
oracle/communications_cloud_native_core_automated_test_suite: 1.9.0
org.jenkins-ci.main/jenkins-core (Maven): 2.320 - 2.330 (exclusive upper bound; 2.329 is the last affected release per the description above)
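Added example, not part of this record or of the Jenkins project's own code: a small Python checker that decides from a Jenkins version string whether it falls inside the affected ranges listed above. It treats a three-component version (2.319.1) as an LTS release and a two-component version (2.329) as a weekly release, which is how Jenkins numbers its lines. It assumes the version is read from the X-Jenkins response header that a stock Jenkins instance sends; no network call is made here, the header dictionary is constructed inline. The check is version-only: it cannot see whether a security realm is configured, which the description names as the second precondition, so a "vulnerable" result means "exposed if no security realm is set".

```python
"""Version-range check for CVE-2022-20612 (added example, not advisory code).

Assumptions (not stated on the page):
  * the `X-Jenkins` response header carries the server version string;
  * LTS releases have three numeric components, weekly releases two.
"""
from __future__ import annotations

import re
from typing import Dict, Optional, Tuple

# Last affected releases, taken from the advisory description:
# weekly 2.329 and earlier, LTS 2.319.1 and earlier.
LAST_AFFECTED_WEEKLY: Tuple[int, ...] = (2, 329)
LAST_AFFECTED_LTS: Tuple[int, ...] = (2, 319, 1)

# Leading numeric components; a trailing suffix such as "-rc" is ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.319.1' into (2, 319, 1) and '2.329' into (2, 329); None if unparsable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = [int(m.group(1)), int(m.group(2))]
    if m.group(3) is not None:
        parts.append(int(m.group(3)))
    return tuple(parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in an affected range, False if fixed, None if unknown.

    Three components -> LTS line, compared against 2.319.1.
    Two components   -> weekly line, compared against 2.329.
    Tuple comparison handles older lines (e.g. LTS 2.303.3) naturally.
    """
    v = parse_version(version)
    if v is None:
        return None
    if len(v) == 3:
        return v <= LAST_AFFECTED_LTS
    return v <= LAST_AFFECTED_WEEKLY


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Pull the X-Jenkins header value, case-insensitively, from a header dict."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


def assess(headers: Dict[str, str]) -> str:
    """Human-readable verdict for one captured response header set."""
    version = version_from_headers(headers)
    if version is None:
        return "no X-Jenkins header: not a Jenkins response or header stripped"
    verdict = is_affected(version)
    if verdict is None:
        return f"unparsable version {version!r}"
    if verdict:
        return (f"Jenkins {version}: in affected range for CVE-2022-20612 "
                "(exploitable only if no security realm is set)")
    return f"Jenkins {version}: outside affected range"


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    samples = [
        {"Server": "Jetty(9.4.43.v20210629)", "X-Jenkins": "2.329"},
        {"X-Jenkins": "2.330"},
        {"x-jenkins": "2.319.1"},
        {"X-Jenkins": "2.319.2"},
        {"X-Jenkins": "2.303.3"},
        {"Server": "nginx"},
    ]
    for h in samples:
        print(assess(h))
```

Run it as a script for the constructed samples, or import `is_affected` and feed it the header value from a real response; a fixed instance returns `False` for both 2.330 and LTS 2.319.2.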
Published
Jan 12, 2022
Tracked Since
Feb 18, 2026