漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins Plugin Pipeline:Input Step 跨站请求伪造漏洞
Vulnerability Description
Jenkins和Jenkins Plugin都是Jenkins开源的产品。Jenkins是一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。Jenkins Plugin是一个应用软件。 Jenkins Plugin Pipeline:Input Step 451.vf1a_a_4f405289及之前版本存在安全漏洞,该漏洞源于不会限制或清理“输入”步骤的可选指定 ID,攻击者利用该漏洞可以配置管道让 Jenkins 从“输入”步骤 ID 构建 URL,当与“
CVSS Information
N/A
Vulnerability Type
N/A