CVE-2022-34180

EUVD-2022-6198
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
jenkinsembeddable_build_status
𝑥
≤ 2.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794