CVE-2022-43408EPSS p35.2%

CVE-2022-43408CVE-2022-43408

jenkins / pipeline\

Description

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS0.44% probability of exploitation · percentile 35.2% · 2026-06-18T12:00:27Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.