Vulnerability Details CVE-2022-34178
Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.161
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2022-34178
-
cpe:2.3:a:jenkins:embeddable_build_status:2.0.3