52 matches found
Jenkins Plugin Pipeline:Stage View 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...
PT-2022-26892 · Jenkins · Jenkins Pipeline: Stage View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier Description: The issue arises from the incorrect encoding of the ID of input steps when generating URLs to proceed or abort Pipeline builds, allowing attackers who can configure...
CVE-2022-43407
CVE-2022-43407 affects Jenkins Pipeline: Input Step Plugin (versions up to 451.vf1a_a_4f405289 and earlier). The vulnerability arises because the plugin does not restrict or sanitize the optional ID used in the input step, which is used to construct URLs for user interactions (proceed/abort). Thi...
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...
Jenkins Plugin Pipeline:Input Step 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-26891 · Jenkins · Jenkins Pipeline: Input Step Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 451.vf1a a 4f405289 and earlier Pipeline: Declarative Plugin versions 2.2114.v2654ca 721309 and earlier Description: The issue arises from the Jenkins Pipeline: Input Step Plugin not restricting or...
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...
jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...
CVE-2022-34177
A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...
GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-34177 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)
org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-34177 Source advisory: OSV:GHSA-29Q6-P2CG-4V23...
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
Design/Logic Flaw
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...