Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
References
| Link | Resource |
|---|---|
| https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794 | Vendor Advisory |
| https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794 | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794 - Vendor Advisory |
21 Jul 2023, 17:18
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-863 |
Information
Published : 2022-06-23 17:15
Updated : 2024-11-21 07:09
NVD link : CVE-2022-34180
Mitre link : CVE-2022-34180
CVE.ORG link : CVE-2022-34180
JSON object : View
Products Affected
jenkins
- embeddable_build_status
CWE
CWE-863
Incorrect Authorization