CVE-2022-34180 Information

Description

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

Reference

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794
