CVE-2022-20612 in Jenkins and Oracle Products
Published on January 12, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Products Associated with CVE-2022-20612
stack.watch emails you whenever new vulnerabilities are published in Jenkins or Oracle Communications Cloud Native Core Automated Test Suite. Just hit a watch button to start following.
Affected Versions
Jenkins project Jenkins:- Version unspecified, <= 2.329 is affected.
- Version unspecified, <= LTS 2.319.1 is affected.
Exploit Probability
EPSS
0.20%
Percentile
41.91%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.