CVE-2022-34180

EPSS 0.56%
Published 23.06.2022 17:15:15
Last modified 21.11.2024 07:09:00
Source jenkinsci-cert@googlegroups.co
Teams watchlist Login
Open Login

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Embeddable Build Status SwPlatformjenkins Version <= 2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.671

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34180

EUVD