EUVD-2022-4246

Malicious code in bioql PyPI...

jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin

A cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins...

jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin

A cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins...

SUSE CVE-2017-1000108

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...

jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin

A cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins...

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...

Cross site request forgery (csrf)

Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...

Jenkins Plugin Pipeline:Input Step 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...

Jenkins plugins Multiple Vulnerabilities (2022-06-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...

CVE-2022-34177

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-34177 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-34177 Source advisory: OSV:GHSA-29Q6-P2CG-4V23...

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

PT-2022-22044 · Jenkins · Jenkins Pipeline: Input Step Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 448.v37cea 9a 10a 70 and earlier Description: The issue allows attackers who can configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

GHSA-WV63-GWR9-5C55 Stored XSS vulnerability in Jenkins button labels

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI. This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the...

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +25 more potentially affected by CVE-2017-1000108 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.5)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2017-1000108 Source advisory: OSV:GHSA-HXPW-7X95-Q38M...