CVE-2022-20612
published 2022-01-12


Priority: P4 21
CVSS 3.1: 4.3 (medium), vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 1.78% (75.5th percentile)
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Affected

27 ranges, showing 25

Vendor    Product                                                  Version range   Fixed in
jenkins   active_directory_plugin
jenkins   badge_plugin
jenkins   bitbucket_branch_source_plugin
jenkins   configuration_as_code_plugin
jenkins   conjur_secrets_plugin
jenkins   credentials_binding_plugin
jenkins   credentials_plugin
jenkins   debian_package_builder_plugin
jenkins   docker_commons_plugin
jenkins   groovy_plugin
jenkins   hashicorp_vault_plugin
jenkins   ids_in_bitbucket_branch_source_plugin
jenkins   improper_credentials_masking_in_hashicorp_vault_plugin
jenkins   jenkins                                                  <= 2.319.1
jenkins   jenkins                                                  <= 2.329
jenkins   jenkins_core
jenkins   jenkins_lts
jenkins   jenkins_ui_requesting_they_update_the_plugin
jenkins   jenkins_weekly
jenkins   mailer_plugin
jenkins   matrix_project_plugin
jenkins   metrics_plugin
jenkins   publish_over_ssh_plugin
jenkins   ssh_agent_plugin
jenkins   warnings_plugin

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      4.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd             v2.0      2.6     LOW        AV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_oracle             4.3     MEDIUM
vendor_redhat             4.3     MEDIUM