Jenkins 2.329 and earlier, LTS 2.319.1 and earlier do not require POST requests for the HTTP endpoint handling manual build requests when no security realm is set, resulting in a cross-site request forgery (CSRF) vulnerability.
Reference: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558
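A triage check for the affected ranges stated above, as an added example that is not part of the original report or of any Jenkins or Red Hat tooling. The inventory rows and the `security_realm_set` flag are constructed inputs, and the result labels are hypothetical names. Weekly (x.y) and LTS (x.y.z) versions are compared against their own limits, because a plain tuple comparison would sort LTS 2.319.2 below 2.329.

```python
import re

# Affected ranges exactly as stated in the description above.
WEEKLY_LAST_AFFECTED = (2, 329)     # "Jenkins 2.329 and earlier"
LTS_LAST_AFFECTED = (2, 319, 1)     # "LTS 2.319.1 and earlier"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (line, parts): line is 'lts' for x.y.z and 'weekly' for x.y."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        # Suffixed or malformed strings are rejected rather than guessed at.
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    parts = tuple(int(p) for p in m.groups() if p is not None)
    return ("lts" if len(parts) == 3 else "weekly"), parts


def in_affected_range(version):
    """True if the version falls inside the range for its release line."""
    line, parts = parse_version(version)
    limit = LTS_LAST_AFFECTED if line == "lts" else WEEKLY_LAST_AFFECTED
    return parts <= limit


def triage(version, security_realm_set):
    """Combine the version range with the 'no security realm' precondition."""
    if not in_affected_range(version):
        return "not-in-range"
    # The description limits the issue to instances with no security realm.
    return "affected-upgrade" if security_realm_set else "exposed"


def triage_inventory(rows):
    """rows: iterable of (name, version, security_realm_set) tuples."""
    return {name: triage(ver, realm) for name, ver, realm in rows}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("ci-weekly", "2.329", False),
    ("ci-lts-old", "2.319.1", True),
    ("ci-lts-new", "2.319.2", False),
    ("ci-edge", "2.330", False),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```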
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9, via RHSA-2022:0339 https://access.redhat.com/errata/RHSA-2022:0339
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8, via RHSA-2022:0483 https://access.redhat.com/errata/RHSA-2022:0483
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7, via RHSA-2022:0491 https://access.redhat.com/errata/RHSA-2022:0491
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11, via RHSA-2022:0555 https://access.redhat.com/errata/RHSA-2022:0555
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6, via RHSA-2022:0565 https://access.redhat.com/errata/RHSA-2022:0565
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-20612