Vulmon
jenkins pipeline input step vulnerabilities and exploits
5
CVSSv2
CVE-2017-1000108
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
Jenkins Pipeline-input-step 2.6
Jenkins Pipeline-input-step 2.5
Jenkins Pipeline-input-step 2.4
Jenkins Pipeline-input-step 2.3
Jenkins Pipeline-input-step 2.2
Jenkins Pipeline-input-step 2.1
Jenkins Pipeline-input-step 2.0
Jenkins Pipeline-input-step 2.7
NA
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and previous versions do not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort)...
Jenkins Pipeline Input Step
5
CVSSv2
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and previous versions archive files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-rel...
Jenkins Pipeline Input Step
NA
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and previous versions do not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resu...
Jenkins Pipeline Stage View
3.5
CVSSv2
CVE-2021-21608
Jenkins 2.274 and previous versions, and LTS 2.263.1 and previous versions, do not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins Jenkins