[SECURITY] Fedora 42 Update: cef-140.1.15^chromium140.0.7339.207-3.fc42

CEF is an embeddable build of Chromium, powered by WebKit Blink...

[SECURITY] Fedora 42 Update: cef-139.0.26^chromium139.0.7258.127-1.fc42

CEF is an embeddable build of Chromium, powered by WebKit Blink...

GHSA-39R3-H8Q6-2PHQ Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability. Embeddable Build Status Plugin 2.0.4 limits URLs to http and https...

GHSA-XXHF-XQ6V-C8MJ Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement

Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job...

Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability. Embeddable Build Status Plugin 2.0.4 limits URLs to http and https...

Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement

Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job...

Jenkins Embeddable Build Status Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Embeddable Build Status Plugin ha...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...

Path traversal

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVE-2022-34180

CVE-2022-34180 concerns the Jenkins Embeddable Build Status Plugin ( versions 2.0.3 and earlier ). The issue is that the plugin does not correctly perform the ViewStatus permission check in the HTTP endpoint used for unprotected status badge access. As a result, attackers with no permissions can ...

CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...

CVE-2022-34179

CVE-2022-34179 affects Jenkins Embeddable Build Status Plugin, version 2.0.3 and earlier. The vulnerability arises from an unrestricted style query parameter used to select SVG image styles, enabling relative path traversal to SVGs on the Jenkins controller filesystem. Exploitation is possible wi...

CVE-2022-34178

CVE-2022-34178 affects Jenkins’ Embeddable Build Status Plugin (version 2.0.3). The vulnerability is a reflected XSS caused by accepting an unrestricted link query parameter in the badge URL, which can be reflected in the UI. The issue is addressed in the fixed release 2.0.4, which limits URLs to...

Jenkins Plugin Embeddable Build Status 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that is vulnerable to an authorization issue in Jenkins Embeddable Build Status Plugin 2.0.3 and earlier, which stems from an inability to properly perform a ViewStatus...

Cross site scripting

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin...

CVE-2019-10346

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin...