A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*" ] }