4 matches found
CVE-2022-34178
CVE-2022-34178 affects Jenkins’ Embeddable Build Status Plugin (version 2.0.3). The vulnerability is a reflected XSS caused by accepting an unrestricted link query parameter in the badge URL, which can be reflected in the UI. The issue is addressed in the fixed release 2.0.4, which limits URLs to...
CVE-2022-34179
CVE-2022-34179 affects Jenkins Embeddable Build Status Plugin, version 2.0.3 and earlier. The vulnerability arises from an unrestricted style query parameter used to select SVG image styles, enabling relative path traversal to SVGs on the Jenkins controller filesystem. Exploitation is possible wi...
CVE-2022-34180
CVE-2022-34180 concerns the Jenkins Embeddable Build Status Plugin ( versions 2.0.3 and earlier ). The issue is that the plugin does not correctly perform the ViewStatus permission check in the HTTP endpoint used for unprotected status badge access. As a result, attackers with no permissions can ...
CVE-2019-10346
Summary of CVE-2019-10346 : A reflected cross-site scripting vulnerability in the Jenkins Embeddable Build Status Plugin (versions ≤ 2.0.1) allows attackers to inject arbitrary HTML and JavaScript into the plugin response. The issue stems from unsafe handling of output in the plugin, enabling cli...