CVE-2022-34180 is a vulnerability in Jenkins Embeddable Build Status
Published on June 23, 2022

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

NVD

Products Associated with CVE-2022-34180

Want to know whenever a new CVE is published for Jenkins Embeddable Build Status? stack.watch will email you.

Jenkins Embeddable Build Status

Affected Versions

Jenkins project Jenkins Embeddable Build Status Plugin:

Version unspecified, <= 2.0.3 is affected.

Exploit Probability

EPSS

0.56%

Percentile

67.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-34180 is a vulnerability in Jenkins Embeddable Build StatusPublished on June 23, 2022

Products Associated with CVE-2022-34180

Affected Versions

Exploit Probability

CVE-2022-34180 is a vulnerability in Jenkins Embeddable Build Status
Published on June 23, 2022