org.jenkins-ci.plugins:pipeline-input-step

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:pipeline-input-steppage 1 of 1

CVE-2017-1000108HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7
2017-10-05
vulnerable: 2.0 ... 2.6 (7 versions)
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
CVE-2022-34177HIGHCVSS 7.5EG 7.5✓ Fixed in 449.v77f0e8b
2022-06-23
vulnerable: 2.0 ... 448.v37cea_9a_10a_70 (20 versions)
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a r…
CVE-2022-43407HIGHCVSS 8.8EG 8.8✓ Fixed in 456.vd8a_957db_5b_e9
2022-10-19
vulnerable: 2.0 ... 451.vf1a_a_4f405289 (23 versions)
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (procee…

Check whether org.jenkins-ci.plugins:pipeline-input-step is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:pipeline-input-step CVEs against the assets you own.

Start Free Scan →