CVE-2022-43408
Summary
| CVE | CVE-2022-43408 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-10-19 16:15:00 UTC |
|---|
| Updated | 2023-11-01 20:54:00 UTC |
|---|
| Description | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Jenkins Security Advisory 2022-10-19 |
CONFIRM |
www.jenkins.io |
|
| oss-security - Multiple vulnerabilities in Jenkins plugins |
MLIST |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 241180 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 241214 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:0777)
- 770173 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 770178 Red Hat OpenShift Container Platform 4.9. Security Update (RHSA-2023:0777)
