CVE-2022-20612

Sažetak

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Reference

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.oracle.com/security-alerts/cpuapr2022.html

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

22-11-2023 - 21:32

Objavljeno

12-01-2022 - 20:15