GHSA-39R3-H8Q6-2PHQ Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability. Embeddable Build Status Plugin 2.0.4 limits URLs to http and https...

GHSA-XXHF-XQ6V-C8MJ Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement

Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job...

Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement

Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job...

CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34180

CVE-2022-34180 concerns the Jenkins Embeddable Build Status Plugin ( versions 2.0.3 and earlier ). The issue is that the plugin does not correctly perform the ViewStatus permission check in the HTTP endpoint used for unprotected status badge access. As a result, attackers with no permissions can ...

CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...

CVE-2022-34179

CVE-2022-34179 affects Jenkins Embeddable Build Status Plugin, version 2.0.3 and earlier. The vulnerability arises from an unrestricted style query parameter used to select SVG image styles, enabling relative path traversal to SVGs on the Jenkins controller filesystem. Exploitation is possible wi...

CVE-2022-34178

CVE-2022-34178 affects Jenkins’ Embeddable Build Status Plugin (version 2.0.3). The vulnerability is a reflected XSS caused by accepting an unrestricted link query parameter in the badge URL, which can be reflected in the UI. The issue is addressed in the fixed release 2.0.4, which limits URLs to...

Jenkins Plugin Embeddable Build Status 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Embeddable Build Status Plugin ha...

PT-2022-22045 · Jenkins · Jenkins Embeddable Build Status Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Embeddable Build Status Plugin version 2.0.3 Description: The issue allows specifying a link query parameter for build status badges without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability...

CVE-2019-10346

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin...

CVE-2019-10346

Summary of CVE-2019-10346 : A reflected cross-site scripting vulnerability in the Jenkins Embeddable Build Status Plugin (versions ≤ 2.0.1) allows attackers to inject arbitrary HTML and JavaScript into the plugin response. The issue stems from unsafe handling of output in the plugin, enabling cli...

PT-2019-11745 · Jenkins · Jenkins Embeddable Build Status Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Embeddable Build Status Plugin versions 2.0.1 and earlier Description: A reflected cross site scripting issue allows attackers to inject arbitrary HTML and JavaScript into the response of the plugin. This enables them to execute...