Vulnerability Details : CVE-2022-34180
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
Exploit prediction scoring system (EPSS) score for CVE-2022-34180
Probability of exploitation activity in the next 30 days: 0.17%
Percentile (the proportion of vulnerabilities scored at or below this one): ~53%
CVSS scores for CVE-2022-34180
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
| 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | [email protected] |
| 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | [email protected] |
CWE ids for CVE-2022-34180
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: [email protected] (Secondary)
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. Assigned by: [email protected] (Primary)
References for CVE-2022-34180
Products affected by CVE-2022-34180
- cpe:2.3:a:jenkins:embeddable_build_status:*:*:*:*:*:jenkins:*:*