CSRF Vulnerability in Jenkins Allows Unauthorized Job Build Triggering

CVE-2022-20612 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Learn more about our Web Application Penetration Testing UK.