nvd-json-data-feeds/CVE-2022/CVE-2022-341xx/CVE-2022-34178.json

{
  "id": "CVE-2022-34178",
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "published": "2022-06-23T17:15:15.737",
  "lastModified": "2022-06-29T15:31:42.053",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability."
    },
    {
      "lang": "es",
      "value": "Jenkins Embeddable Build Status Plugin versi\u00f3n 2.0.3, permite especificar un par\u00e1metro de consulta \"link\" al que enlazar\u00e1n las insignias de estado de construcci\u00f3n, sin restringir los valores posibles, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) reflejado"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:jenkins:embeddable_build_status:2.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3670F463-BFAA-47B7-8143-41774B91E86C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2567",
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}