Lucene search
K

52 matches found

CNNVD
CNNVD
added 2022/10/19 12:0 a.m.3 views

Jenkins Plugin Pipeline:Stage View 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00443EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.39 views

CVE-2022-43407

Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...

8.9AI score0.00493EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.8 views

PT-2022-26892 · Jenkins · Jenkins Pipeline: Stage View Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier Description: The issue arises from the incorrect encoding of the ID of input steps when generating URLs to proceed or abort Pipeline builds, allowing attackers who can configure...

8CVSS6.3AI score0.00443EPSS
Exploits0References7
CVE
CVE
added 2022/10/19 12:0 a.m.140 views

CVE-2022-43407

CVE-2022-43407 affects Jenkins Pipeline: Input Step Plugin (versions up to 451.vf1a_a_4f405289 and earlier). The vulnerability arises because the plugin does not restrict or sanitize the optional ID used in the input step, which is used to construct URLs for user interactions (proceed/abort). Thi...

8.8CVSS8.5AI score0.00493EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.7 views

CVE-2022-43407

Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...

7.1AI score0.00493EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

Jenkins Plugin Pipeline:Input Step 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS7.8AI score0.00493EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.6 views

PT-2022-26891 · Jenkins · Jenkins Pipeline: Input Step Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 451.vf1a a 4f405289 and earlier Pipeline: Declarative Plugin versions 2.2114.v2654ca 721309 and earlier Description: The issue arises from the Jenkins Pipeline: Input Step Plugin not restricting or...

8.8CVSS8.5AI score0.00493EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2022/10/19 12:0 a.m.29 views

CVE-2022-43407

Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...

8.8CVSS2.1AI score0.00493EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/09/21 2:3 p.m.4 views

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

7.5CVSS6.2AI score0.01478EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/07/15 12:0 a.m.336 views

Jenkins plugins Multiple Vulnerabilities (2022-06-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...

9.1CVSS6.6AI score0.77007EPSS
Exploits0References45
Tenable Nessus
Tenable Nessus
added 2022/07/15 12:0 a.m.196 views

Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...

9.1CVSS6.6AI score0.77007EPSS
Exploits0References45
RedhatCVE
RedhatCVE
added 2022/07/04 5:41 a.m.43 views

CVE-2022-34177

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

7.5CVSS1.9AI score0.01478EPSS
Exploits0References4
OSV
OSV
added 2022/06/24 12:0 a.m.102 views

GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...

8.8CVSS7.6AI score0.01478EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/06/24 12:0 a.m.5 views

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-34177 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-34177 Source advisory: OSV:GHSA-29Q6-P2CG-4V23...

7.5CVSS7.1AI score0.01478EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.44 views

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...

7.5CVSS7.6AI score0.01478EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/06/23 5:15 p.m.27 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

7.5CVSS0.01478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

7.5CVSS6.8AI score0.01478EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

7.5CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2022/06/23 5:15 p.m.23 views

Design/Logic Flaw

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

5CVSS7.5AI score0.01478EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/22 12:0 a.m.18 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

7.8AI score0.01478EPSS
Exploits0References1
Rows per page
Query Builder