Lucene search
JenkinsCVELIST:CVE-2022-43408HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-43408
2022-10-1900:00:00
jenkins
www.cve.org
2
jenkins
stage view plugin
csrf protection
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of ‘input’ steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify ‘input’ step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.
CNA Affected
[
{
"product": "Jenkins Pipeline: Stage View Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "2.24.2"
},
{
"lessThanOrEqual": "2.26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Authorization Bypass
2022-10-20 15:26:59
github
github
prion
prion
Cross site request forgery (csrf)
2022-10-19 16:15:00
redhatcve
redhatcve
CVE-2022-43408
2022-10-20 07:17:19
nvd
nvd
CVE-2022-43408
2022-10-19 16:15:10
cve
cve
CVE-2022-43408
2022-10-19 16:15:10
osv
osv
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00