Bug 831085 (CVE-2022-20612) - dev-util/jenkins-bin: build job triggerable without parameters
Summary: dev-util/jenkins-bin: build job triggerable without parameters
Status: RESOLVED FIXED
Alias: CVE-2022-20612
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.jenkins.io/security/advis...
Whiteboard: ~4 [noglsa]
Duplicates: 831122
Reported: 2022-01-12 21:18 UTC by John Helmert III
Modified: 2022-02-09 20:34 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-12 21:18:52 UTC
CVE-2022-20612:

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Please bump to 2.329.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-13 10:29:12 UTC
*** Bug 831122 has been marked as a duplicate of this bug. ***
Comment 2 Patrick Lauer gentoo-dev 2022-01-13 10:39:55 UTC
commit ea6a1bf6e65dd45503b9127c7a00869b8f1d6430
Author: Hans de Graaff <graaff@gentoo.org>
Date:   Thu Jan 13 07:56:35 2022 +0100

    dev-util/jenkins-bin: add 2.319.2, 2.330

    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>