Reflected Cross-Site Scripting Vulnerability in Jenkins Embeddable Build Status Plugin

CVE-2022-34178

What is CVE-2022-34178?

The Jenkins Embeddable Build Status Plugin version 2.0.3 suffers from a reflected cross-site scripting (XSS) vulnerability due to insufficiently restricted 'link' query parameters for build status badges. This vulnerability allows an attacker to craft malicious links that, when clicked by users, can execute arbitrary JavaScript in their browser. As a result, this can lead to session hijacking, data theft, and other exploitative actions against unsuspecting users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References