CVE-2022-20612

Published: 12 Jan. 2022
Source: redhat
CVSS3: 4.3

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

A cross-site request forgery (CSRF) vulnerability was found in Jenkins. The HTTP endpoint handling manual build requests does not require POST requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2022:0555 | 24.02.2022 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2022:0565 | 25.02.2022 |
| Red Hat OpenShift Container Platform 4.7 | jenkins | Fixed | RHSA-2022:0491 | 16.02.2022 |
| Red Hat OpenShift Container Platform 4.8 | jenkins | Fixed | RHSA-2022:0483 | 16.02.2022 |
| Red Hat OpenShift Container Platform 4.9 | jenkins | Fixed | RHSA-2022:0339 | 10.02.2022 |

Additional information

Status: Moderate
Defect: CWE-352
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2044460 (jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF)

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 4 years ago

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

CVSS3: 4.3
nvd
about 4 years ago

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

CVSS3: 4.3
debian
about 4 years ago

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...

CVSS3: 4.3
github
about 4 years ago

Cross-Site Request Forgery in Jenkins