jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins

Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...

net.praqma:memory-map (>=2.2.0 <=2.2.1), org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.1 <=2.4) +5 more potentially affected by CVE-2022-43408 via org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (>=1.3 <=2.10)

org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view MAVEN version =1.3, =2.2.0, =2.1, =2.0.5, =1.0.0, =1.0.0, =1.0.2 Source cves: CVE-2022-43408 Source advisory: OSV:GHSA-G975-F26H-93G8...

GHSA-G975-F26H-93G8 Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins

Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

Cross site request forgery (csrf)

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

Jenkins Plugin Pipeline:Stage View 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

CVE-2022-43408

CVE-2022-43408 affects Jenkins Pipeline: Stage View Plugin (versions 2.26 and earlier). The vulnerability arises because the plugin does not correctly encode the ID of input steps when generating URLs to proceed/abort builds, allowing configured Pipelines to specify input step IDs that bypass CSR...

PT-2022-26892 · Jenkins · Jenkins Pipeline: Stage View Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier Description: The issue arises from the incorrect encoding of the ID of input steps when generating URLs to proceed or abort Pipeline builds, allowing attackers who can configure...

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...