← volver
CVE-2022-34180

CVE-2022-34180

EPSS 1.1%
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
Productos afectados
Jenkins project · Jenkins Embeddable Build Status Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794