8 matches found

RedHat Linux
added 2023/05/17 5:53 p.m. | 2 views

jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A cross-site request forgery (CSRF) vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

CVSS 6.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 5
Github Security Blog
added 2022/10/19 7:0 p.m. | 18 views

Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins

Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...

CVSS 6.5 | AI score 7 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/10/19 7:0 p.m. | 26 views

GHSA-G975-F26H-93G8 Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins

Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...

CVSS 8 | AI score 7.7 | EPSS 0.00016
Exploits: 0 | References: 4
NVD
added 2022/10/19 4:15 p.m. | 13 views

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

CVSS 6.5 | EPSS 0.00016
Exploits: 0 | References: 2
Prion
added 2022/10/19 4:15 p.m. | 15 views

Cross site request forgery (csrf)

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

CVSS 4.3 | AI score 7.8 | EPSS 0.00016
Exploits: 0 | References: 2
Cvelist
added 2022/10/19 12:0 a.m. | 16 views

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 2
CVE
added 2022/10/19 12:0 a.m. | 116 views

CVE-2022-43408

CVE-2022-43408 affects Jenkins Pipeline: Stage View Plugin (versions 2.26 and earlier). The vulnerability arises because the plugin does not correctly encode the ID of input steps when generating URLs to proceed/abort builds, allowing configured Pipelines to specify input step IDs that bypass CSR...

CVSS 6.5 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2022/10/19 12:0 a.m. | 4 views

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

AI score 7.1 | EPSS 0.00016
Exploits: 0 | References: 2