Input Step Plugin Vulnerability in Jenkins Affecting User Interaction Processing
CVE-2022-43407
Key Information:
- Vendor: Jenkins
- CVE Published: 19 October 2022
What is CVE-2022-43407?
The Input Step Plugin in Jenkins allows the specification of an ID for its 'input' step without adequate restrictions or sanitization. This flaw permits attackers who have the ability to configure Pipelines to craft Jenkins build URLs that leverage these input step IDs. Such crafted links can effectively circumvent the CSRF protections in place for target URLs within Jenkins, exposing the system to potential unauthorized actions when users interact with the compromised input steps.
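
A defender-side check for the issue described above, as an added example that is not part of the original page or of the Jenkins project's code: it scans Jenkinsfile text for `input` steps whose literal `id:` value contains characters outside a conservative allowlist. The allowlist, the function name `audit_input_ids` and the sample Jenkinsfile are assumptions constructed for illustration.

```python
import re

# Assumption (not from the page): a conservative allowlist of characters that
# need no URL encoding and cannot change the structure of a URL path.
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]+$")

# Matches a quoted `id:` argument on the same line as an `input` step.
# Limitation: multi-line step calls and ids built in variables are not seen.
INPUT_ID = re.compile(r"""\binput\b[^\n]*?\bid\s*:\s*(['"])(.*?)\1""")


def audit_input_ids(jenkinsfile_text):
    """Return (line_number, id_value) for every input step id that falls
    outside the allowlist, including interpolated ids such as "${...}"."""
    findings = []
    for lineno, line in enumerate(jenkinsfile_text.splitlines(), 1):
        match = INPUT_ID.search(line)
        if match and not SAFE_ID.match(match.group(2)):
            findings.append((lineno, match.group(2)))
    return findings


# Constructed sample Jenkinsfile, for illustration only.
SAMPLE = """\
pipeline {
  agent any
  stages {
    stage('Approve') {
      steps {
        input id: 'Deploy-Gate', message: 'Deploy?'
        input(id: 'a/b?c=d', message: 'Continue?')
        input message: 'No explicit id'
        input id: "${params.GATE}", message: 'Dynamic id'
      }
    }
  }
}
"""

if __name__ == "__main__":
    for lineno, value in audit_input_ids(SAMPLE):
        print(f"line {lineno}: input step id {value!r} needs review")
```

Flagged lines are review candidates, not proof of abuse; an interpolated id is reported because its final value cannot be judged from the source text alone.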

Affected Version(s)
Jenkins Pipeline: Input Step Plugin <= 451.vf1a_a_4f405289
Jenkins Pipeline: Input Step Plugin 449.451.v9c3d42f23975