Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794 | Vendor Advisory |
Configurations
History
21 Jul 2023, 17:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
29 Jun 2022, 15:34
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:jenkins:embeddable_build_status:*:*:*:*:*:jenkins:*:* | |
First Time |
Jenkins
Jenkins embeddable Build Status |
23 Jun 2022, 17:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-23 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-34180
Mitre link : CVE-2022-34180
CVE.ORG link : CVE-2022-34180
JSON object : View
Products Affected
jenkins
- embeddable_build_status
CWE
CWE-863
Incorrect Authorization