cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43407,https://securityvulnerability.io/vulnerability/CVE-2022-43407,Input Step Plugin Vulnerability in Jenkins Affecting User Interaction Processing,"The Input Step Plugin in Jenkins allows the specification of an ID for its 'input' step without adequate restrictions or sanitization. This flaw permits attackers who have the ability to configure Pipelines to craft Jenkins build URLs that leverage these input step IDs. Such crafted links can effectively circumvent the CSRF protections in place for target URLs within Jenkins, exposing the system to potential unauthorized actions when users interact with the compromised input steps.",Jenkins,Jenkins Pipeline: Input Step Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-34177,https://securityvulnerability.io/vulnerability/CVE-2022-34177,File Manipulation Vulnerability in Jenkins Pipeline Input Step Plugin,"The Jenkins Pipeline Input Step Plugin suffers from a security issue that allows for improper file handling. Specifically, it archives uploaded files associated with `file` parameters for Pipeline `input` steps within the controller. This occurs without appropriate sanitization, which means attackers can exploit this feature to craft Pipelines that may create or overwrite files in the Jenkins controller file system with their own content. Consequently, this vulnerability poses a serious risk for unauthorized file manipulation, potentially compromising the integrity and security of build processes.",Jenkins,Jenkins Pipeline: Input Step Plugin,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0