CVE-2022-34179

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 58.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Embeddable Build Status Plugin Jenkins Embeddable Build Status

Timeline

PublishedJun 23

Latest updateJun 24

Description

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:embeddable-build-status< 2.0.4

▶CVEListV5jenkins_project/jenkins_embeddable_build_status_pluginunspecified — 2.0.3

▶NVDjenkins/embeddable_build_status2.0.3

🔴Vulnerability Details

OSV

Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin↗2022-06-24

▶

GHSA

Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin↗2022-06-24

▶

CVEList

CVE-2022-34179: Jenkins Embeddable Build Status Plugin 2↗2022-06-22

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-06-22↗2022-06-22

▶