{
  "threat_severity" : "Moderate",
  "public_date" : "2022-01-12T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins: the endpoint handling manual build requests does not require a POST request, which could result in CSRF",
    "id" : "2044460",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2044460"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-352",
  "details" : [ "A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.", "A cross-site request forgery (CSRF) vulnerability was found in Jenkins. POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2022-02-24T00:00:00Z",
    "advisory" : "RHSA-2022:0555",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-0:2.319.2.1644411558-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2022-02-25T00:00:00Z",
    "advisory" : "RHSA-2022:0565",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-0:2.319.2.1643964085-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.7",
    "release_date" : "2022-02-16T00:00:00Z",
    "advisory" : "RHSA-2022:0491",
    "cpe" : "cpe:/a:redhat:openshift:4.7::el8",
    "package" : "jenkins-0:2.319.2.1643882372-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.8",
    "release_date" : "2022-02-16T00:00:00Z",
    "advisory" : "RHSA-2022:0483",
    "cpe" : "cpe:/a:redhat:openshift:4.8::el8",
    "package" : "jenkins-0:2.319.2.1643648617-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.9",
    "release_date" : "2022-02-10T00:00:00Z",
    "advisory" : "RHSA-2022:0339",
    "cpe" : "cpe:/a:redhat:openshift:4.9::el8",
    "package" : "jenkins-0:2.319.2.1643391771-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-20612\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-20612\nhttps://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558" ],
  "name" : "CVE-2022-20612",
  "csaw" : false
}