CVE-2022-20612

medium

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger a build of a job without parameters when no security realm is set.

References

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558

http://www.openwall.com/lists/oss-security/2022/01/12/6

https://www.oracle.com/security-alerts/cpuapr2022.html

Details

Source: MITRE

Published: 2022-01-12

Updated: 2022-04-20

Type: CWE-352

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM