Vulnerabilities > Jenkins > Jenkins > 2.303.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-0538 | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 7.5 |
2022-01-12 | CVE-2022-20612 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | 4.3 |