cve-2022-43408
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 13:32
Severity ?
Summary
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:57.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828"
          },
          {
            "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Pipeline: Stage View Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.24.2"
            },
            {
              "lessThanOrEqual": "2.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of \u0027input\u0027 steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify \u0027input\u0027 step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T14:25:35.045Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828"
        },
        {
          "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2022-43408",
    "datePublished": "2022-10-19T00:00:00",
    "dateReserved": "2022-10-18T00:00:00",
    "dateUpdated": "2024-08-03T13:32:57.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43408\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2022-10-19T16:15:10.543\",\"lastModified\":\"2023-11-01T20:54:03.333\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of \u0027input\u0027 steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify \u0027input\u0027 step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.\"},{\"lang\":\"es\",\"value\":\"Pipeline de Jenkins: Stage View Plugin versiones 2.26 y anteriores, no codifica correctamente el ID de los pasos \\\"input\\\" cuando es usado para generar URLs para proceder o abortar construcciones de Pipeline, lo que permite a atacantes capaces de configurar Pipelines para especificar IDs de pasos de \\\"input\\\" que resulten en URLs que puedan omitir la protecci\u00f3n de tipo CSRF de cualquier URL de destino en Jenkins\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:pipeline\\\\:stage_view:*:*:*:*:*:jenkins:*:*\",\"versionEndExcluding\":\"2.27\",\"matchCriteriaId\":\"073302C7-F62F-4B15-ADD7-56CC29F1AAB6\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/19/3\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.