Red Hat OpenShift: CVE-2022-20612: jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | Jan 12, 2022 | Feb 11, 2022 | Apr 11, 2025 |
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, and LTS 2.319.1 and earlier, allows attackers to trigger a build of a job without parameters when no security realm is set.
Solution
linuxrpm-upgrade-jenkins
