CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828	Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:pipeline\:stage_view:*:*:*:*:*:jenkins:*:*

History

No history.

Information

Published : 2022-10-19 16:15

Updated : 2024-11-21 07:26

NVD link : CVE-2022-43408

Mitre link : CVE-2022-43408

CVE.ORG link : CVE-2022-43408

JSON object : View

Products Affected

jenkins

pipeline\

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-43408", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-10-19T16:15:10.543", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins."}, {"lang": "es", "value": "Pipeline de Jenkins: Stage View Plugin versiones 2.26 y anteriores, no codifica correctamente el ID de los pasos \"input\" cuando es usado para generar URLs para proceder o abortar construcciones de Pipeline, lo que permite a atacantes capaces de configurar Pipelines para especificar IDs de pasos de \"input\" que resulten en URLs que puedan omitir la protecci\u00f3n de tipo CSRF de cualquier URL de destino en Jenkins"}], "lastModified": "2024-11-21T07:26:25.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:pipeline\\:stage_view:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "073302C7-F62F-4B15-ADD7-56CC29F1AAB6", "versionEndExcluding": "2.27"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}