CVE-2022-34180: 
Java vulnerability analysis and mitigation

CVE-2022-34180 affects the Jenkins Embeddable Build Status Plugin versions 2.0.3 and earlier. The vulnerability was disclosed on June 22, 2022, as part of the Jenkins Security Advisory. This security issue involves improper authorization in the plugin's HTTP endpoint for unprotected status badge access (Jenkins Advisory).

The vulnerability stems from an incorrect implementation of the ViewStatus permission check in the HTTP endpoint that provides unprotected status badge access. The CVSS v3.1 base score is 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a network-accessible vulnerability requiring no privileges or user interaction (NVD).

The vulnerability allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build, potentially exposing sensitive build status information (Jenkins Advisory).

The vulnerability has been fixed in Embeddable Build Status Plugin version 2.0.4, which now properly requires ViewStatus permission to obtain the build status badge icon. Users should upgrade to this version to mitigate the vulnerability (Jenkins Advisory).