CVE-2022-34180

EPSS 0.56%
Veröffentlicht 23.06.2022 17:15:15
Zuletzt bearbeitet 21.11.2024 07:09:00
Quelle jenkinsci-cert@googlegroups.co
Teams Watchlist Login
Unerledigt Login

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Embeddable Build Status SwPlatformjenkins Version <= 2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.671

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34180

EUVD