CVE-2022-20612

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

CVSS Version 3.1

nvd

CVE ID: CVE-2022-20612
Base Score: 4.3
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 2.8

CVSS Version 2.0

nvd

CVE ID: CVE-2022-20612
Base Score: 2.6
Base Severity: LOW
Vector String:AV:N/AC:H/Au:N/C:N/I:P/A:N

Refrence: NVD