cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34178,https://securityvulnerability.io/vulnerability/CVE-2022-34178,Reflected Cross-Site Scripting Vulnerability in Jenkins Embeddable Build Status Plugin,"The Jenkins Embeddable Build Status Plugin version 2.0.3 suffers from a reflected cross-site scripting (XSS) vulnerability due to insufficiently restricted 'link' query parameters for build status badges. This vulnerability allows an attacker to craft malicious links that, when clicked by users, can execute arbitrary JavaScript in their browser. As a result, this can lead to session hijacking, data theft, and other exploitative actions against unsuspecting users.",Jenkins,Jenkins Embeddable Build Status Plugin,6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-34180,https://securityvulnerability.io/vulnerability/CVE-2022-34180,Permission Check Flaw in Jenkins Embeddable Build Status Plugin,"The Jenkins Embeddable Build Status Plugin versions up to 2.0.3 lack proper checks for the ViewStatus permission in their HTTP endpoint. This flaw allows unauthorized users to access the build status badge for any specified job, leading to potential information disclosure. Attackers can exploit this vulnerability to gain insights into the build status of jobs without the necessary permissions.",Jenkins,Jenkins Embeddable Build Status Plugin,7.5,HIGH,0.0015200000489130616,false,,false,false,false,,,false,false,,2022-06-22T14:41:06.000Z,0
CVE-2022-34179,https://securityvulnerability.io/vulnerability/CVE-2022-34179,Relative Path Traversal Vulnerability in Jenkins Embeddable Build Status Plugin,"The Jenkins Embeddable Build Status Plugin versions up to 2.0.3 are susceptible to a relative path traversal vulnerability. This issue arises from the lack of restrictions on the `style` query parameter, which allows attackers to specify arbitrary paths to SVG images on the Jenkins controller file system. Importantly, this vulnerability can be exploited by users who lack Overall/Read permissions, enabling unauthorized access and manipulation of files on the system.",Jenkins,Jenkins Embeddable Build Status Plugin,7.5,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2022-06-22T14:41:04.000Z,0
CVE-2019-10346,https://securityvulnerability.io/vulnerability/CVE-2019-10346,,A reflected cross-site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin.,Jenkins,Jenkins Embeddable Build Status Plugin,6.1,MEDIUM,0.0013299999991431832,false,,false,false,false,,,false,false,,2019-07-11T13:55:17.000Z,0