gsd-2022-43407
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-43407",
    "id": "GSD-2022-43407",
    "references": [
      "https://access.redhat.com/errata/RHSA-2023:0560",
      "https://access.redhat.com/errata/RHSA-2023:0777",
      "https://access.redhat.com/errata/RHSA-2023:1064"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43407"
      ],
      "details": "Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the \u0027input\u0027 step, which is used for the URLs that process user interactions for the given \u0027input\u0027 step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from \u0027input\u0027 step IDs that would bypass the CSRF protection of any target URL in Jenkins when the \u0027input\u0027 step is interacted with.",
      "id": "GSD-2022-43407",
      "modified": "2023-12-13T01:19:31.908270Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "jenkinsci-cert@googlegroups.com",
        "ID": "CVE-2022-43407",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jenkins Pipeline: Input Step Plugin",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "449.451.v9c3d42f23975"
                              },
                              {
                                "lessThanOrEqual": "451.vf1a_a_4f405289",
                                "status": "affected",
                                "version": "unspecified",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Jenkins project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the \u0027input\u0027 step, which is used for the URLs that process user interactions for the given \u0027input\u0027 step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from \u0027input\u0027 step IDs that would bypass the CSRF protection of any target URL in Jenkins when the \u0027input\u0027 step is interacted with."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
            "refsource": "MISC",
            "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,456.vd8a)",
          "affected_versions": "All versions before 456.vd8a",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-838",
            "CWE-937"
          ],
          "date": "2022-10-20",
          "description": "Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the \u0027input\u0027 step, which is used for the URLs that process user interactions for the given \u0027input\u0027 step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from \u0027input\u0027 step IDs that would bypass the CSRF protection of any target URL in Jenkins when the \u0027input\u0027 step is interacted with.",
          "fixed_versions": [
            "456.vd8a"
          ],
          "identifier": "CVE-2022-43407",
          "identifiers": [
            "GHSA-g66m-fqxf-3w35",
            "CVE-2022-43407"
          ],
          "not_impacted": "All versions starting from 456.vd8a",
          "package_slug": "maven/org.jenkins-ci.plugins/pipeline-input-step",
          "pubdate": "2022-10-19",
          "solution": "Upgrade to version 456.vd8a or above.",
          "title": "Inappropriate Encoding for Output Context",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-43407",
            "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
            "http://www.openwall.com/lists/oss-security/2022/10/19/3",
            "https://github.com/advisories/GHSA-g66m-fqxf-3w35"
          ],
          "uuid": "93a781f1-fdb7-4e2c-b63c-bd68d6cf695a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:pipeline\\:_input_step:*:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "versionEndIncluding": "451.vf1a_a_4f405289",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2022-43407"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the \u0027input\u0027 step, which is used for the URLs that process user interactions for the given \u0027input\u0027 step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from \u0027input\u0027 step IDs that would bypass the CSRF protection of any target URL in Jenkins when the \u0027input\u0027 step is interacted with."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880"
            },
            {
              "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-01T20:53Z",
      "publishedDate": "2022-10-19T16:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.