CVE-2022-34180
HIGH
Jenkins Embeddable Build Status Plugin <2.0.3 - Info Disclosure
Title source: llm
Description
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794
Scores
CVSS v3
7.5
EPSS
0.0030
EPSS Percentile
53.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (2)
jenkins/embeddable_build_status
< 2.0.3
org.jenkins-ci.plugins/embeddable-build-status
0 - 2.0.4
Maven
Published
Jun 23, 2022
Tracked Since
Feb 18, 2026