Jenkins Pipeline: Stage View Plugin Vulnerability - Bypassing CSRF Protection via 'input' Step IDs

Jenkins Pipeline: Stage View Plugin Vulnerability - Bypassing CSRF Protection via 'input' Step IDs

CVE-2022-43408 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

Learn more about our Web Application Penetration Testing UK.