Lucene search
K
JenkinsEmbeddable Build Status

4 matches found

CVE
CVE
added 2022/06/22 2:41 p.m.120 views

CVE-2022-34178

CVE-2022-34178 affects Jenkins’ Embeddable Build Status Plugin (version 2.0.3). The vulnerability is a reflected XSS caused by accepting an unrestricted link query parameter in the badge URL, which can be reflected in the UI. The issue is addressed in the fixed release 2.0.4, which limits URLs to...

6.1CVSS5.8AI score0.00911EPSS
CVE
CVE
added 2022/06/22 2:41 p.m.100 views

CVE-2022-34179

CVE-2022-34179 affects Jenkins Embeddable Build Status Plugin, version 2.0.3 and earlier. The vulnerability arises from an unrestricted style query parameter used to select SVG image styles, enabling relative path traversal to SVGs on the Jenkins controller filesystem. Exploitation is possible wi...

7.5CVSS7.3AI score0.01596EPSS
CVE
CVE
added 2022/06/22 2:41 p.m.100 views

CVE-2022-34180

CVE-2022-34180 concerns the Jenkins Embeddable Build Status Plugin ( versions 2.0.3 and earlier ). The issue is that the plugin does not correctly perform the ViewStatus permission check in the HTTP endpoint used for unprotected status badge access. As a result, attackers with no permissions can ...

7.5CVSS7.3AI score0.01137EPSS
CVE
CVE
added 2019/07/11 1:55 p.m.64 views

CVE-2019-10346

Summary of CVE-2019-10346 : A reflected cross-site scripting vulnerability in the Jenkins Embeddable Build Status Plugin (versions ≤ 2.0.1) allows attackers to inject arbitrary HTML and JavaScript into the plugin response. The issue stems from unsafe handling of output in the plugin, enabling cli...

6.1CVSS6AI score0.01693EPSS