Fedora Account System
Red Hat Associate
Red Hat Customer
Jenkins 2.329 and earlier, LTS 2.319.1 and earlier does not require POST requests for the HTTP endpoint handling manual build requests when no security realm is set, resulting in a cross-site request forgery (CSRF) vulnerability. Reference: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:0339 https://access.redhat.com/errata/RHSA-2022:0339
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:0483 https://access.redhat.com/errata/RHSA-2022:0483
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2022:0491 https://access.redhat.com/errata/RHSA-2022:0491
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2022:0555 https://access.redhat.com/errata/RHSA-2022:0555
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2022:0565 https://access.redhat.com/errata/RHSA-2022:0565
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-20612