PT-2022-22046 · Jenkins · Jenkins Embeddable Build Status Plugin

Published: 2022-06-22 · Updated: 2023-11-03 · CVE-2022-34179

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Embeddable Build Status Plugin versions 2.0.3 and earlier

Description
The vulnerability allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system by exploiting a relative path traversal. This is possible because the style query parameter, which selects a different SVG image style, does not restrict the values it accepts.

Recommendations
For Jenkins Embeddable Build Status Plugin versions 2.0.3 and earlier, update to version 2.0.4 or later, which restricts the style query parameter to one of the three legal values.

Fix: available (see Recommendations)

Weakness Enumeration
Path traversal

Related Identifiers

CVE-2022-34179
GHSA-93MX-2VF9-28C4

Affected Products

Jenkins
Jenkins Embeddable Build Status Plugin