Reflected Cross-Site Scripting Vulnerability in Jenkins Embeddable Build Status Plugin
CVE-2022-34178
6.1MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 23 June 2022
Summary
The Jenkins Embeddable Build Status Plugin version 2.0.3 suffers from a reflected cross-site scripting (XSS) vulnerability due to insufficiently restricted 'link' query parameters for build status badges. This vulnerability allows an attacker to craft malicious links that, when clicked by users, can execute arbitrary JavaScript in their browser. As a result, this can lead to session hijacking, data theft, and other exploitative actions against unsuspecting users.
Affected Version(s)
Jenkins Embeddable Build Status Plugin 2.0.3
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved