CVE-2022-43408

CVSS v3.1 6.5 (Medium)

EPSS 0.08 % (36^th)

Affected Products 1

Advisories 2

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-10-19 16:15:10
(23 months ago)
Updated Date: 2023-11-01 20:54:03
(10 months ago)

Affected Products

Jenkins

Pipeline\:stage View

Configuration #1

		CPE23	From	Up To
	Jenkins Pipeline:stage View for Jenkins prior 2.27 version	cpe:2.3:a:jenkins:pipeline\:stage_view::::::jenkins		< 2.27