CVE-2022-43407

jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.

Jenkins Pipeline: Input Step Plugin versiones 451.vf1a_a_4f405289 y anteriores, no restringe o sanea el ID opcionalmente especificado del paso "input", que es usado para las URLs que procesan las interacciones del usuario para el paso 'input' dado (proceder o abortar) y no está correctamente codificado, permitiendo a atacantes capaces de configurar Pipelines para que Jenkins construya URLs a partir de IDs de pasos 'input' que podrían omitir la protección CSRF de cualquier URL de destino en Jenkins cuando se interactúa con el paso 'input'

A cross-site request forgery (CSRF) vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-18 CVE Reserved
2022-10-19 CVE Published
2024-05-11 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)
CWE-838: Inappropriate Encoding for Output Context

CAPEC

References (4)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880	2023-11-01
https://access.redhat.com/security/cve/CVE-2022-43407	2023-05-17
https://bugzilla.redhat.com/show_bug.cgi?id=2136386	2023-05-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jenkins Search vendor "Jenkins"		Pipeline: Input Step Search vendor "Jenkins" for product "Pipeline: Input Step"				<= 451.vf1a_a_4f405289 Search vendor "Jenkins" for product "Pipeline: Input Step" and version " <= 451.vf1a_a_4f405289"		jenkins		Affected