CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.
Configurations

Configuration 1

cpe:2.3:a:jenkins:stage_view:*:*:*:*:*:jenkins:*:*

Information

Published : 2022-10-19 04:15

Updated : 2022-10-21 06:52


NVD link : CVE-2022-43408

Mitre link : CVE-2022-43408

Products Affected
No products.
CWE
CWE-838

Inappropriate Encoding for Output Context