WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-43408 Vulnerability in maven package org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view

Description

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/19/3

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828

Related Vulnerabilities

CVE-2022-36896 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader

CVE-2023-30331 Vulnerability in maven package com.ibeetl:beetl

CVE-2020-2208 Vulnerability in maven package org.jenkins-ci.plugins:slack-uploader

CVE-2018-19586 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2022-38751 Vulnerability in maven package org.yaml:snakeyaml

Severity

High

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory