A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

Affected Packages

Maven io.jenkins.plugins:embeddable-build-status-plugin

Affected versions: 0 (fixed in 2.0.2)

Related CVEs

CVE-2019-10346

Key Information

GHSA ID

GHSA-94rj-c4jj-v476

Published

May 24, 2022 4:50 PM

Last Modified

February 1, 2023 1:35 AM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:embeddable-build-status-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.