CVE-2022-20612 Information

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, and LTS 2.319.1 and earlier, allows attackers to trigger builds of jobs without parameters when no security realm is set.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
