Authorization Bypass

2022-10-2014:30:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jenkins pipeline

input step plugin

authorization bypass

vulnerability

csrf protection

0.001 Low

EPSS

Percentile

34.5%

JSON

Jenkins Pipeline: Input Step Plugin is vulnerable to Authorization Bypass. The vulnerability exists because specified ID of the input step are not properly sanitized and the URLs that use the ids to process interactions are no encoded properly which allows an attacker to bypass the CSRF protection of any target URL in the server.

CPENameOperatorVersion
pipeline: input stepeq449.v77f0e8b_845c4
pipeline: input stepeq447.449.v193fd29f6021
pipeline: input steple2.12.2
jenkins-2-pluginseq4.9.1644822177__1.el8
jenkins-2-pluginseq4.10.1663599478__1.el8
jenkins-2-pluginseq4.10.1650890594__1.el8
jenkins-2-pluginseq4.10.1647505461__1.el8
jenkins-2-pluginseq4.10.1675936179__1.el8
jenkins-2-pluginseq4.6.1609853716__1.el8
jenkins-2-pluginseq4.9.1642607680__1.el8

Name	Operator	Version
pipeline: input step	eq	449.v77f0e8b_845c4
pipeline: input step	eq	447.449.v193fd29f6021
pipeline: input step	le	2.12.2
jenkins-2-plugins	eq	4.9.1644822177__1.el8
jenkins-2-plugins	eq	4.10.1663599478__1.el8
jenkins-2-plugins	eq	4.10.1650890594__1.el8
jenkins-2-plugins	eq	4.10.1647505461__1.el8
jenkins-2-plugins	eq	4.10.1675936179__1.el8
jenkins-2-plugins	eq	4.6.1609853716__1.el8
jenkins-2-plugins	eq	4.9.1642607680__1.el8