CVE-2022-20612
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier, allows attackers to trigger a build of a job without parameters when no security realm is set.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.2
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2022-20612 affects Jenkins 2.99-lts | Windows |
| CVE-2022-20612 is fixed in Jenkins-Core 2.319.2 | Windows |
| CVE-2022-20612 is fixed in Jenkins-Core 2.330 | Windows |
| CVE-2022-20612 is fixed in Jenkins-Core for Linux 2.319.2 | Linux |
| CVE-2022-20612 is fixed in Jenkins-Core for Linux 2.330 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234