CVE-2019-16553: A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
jenkins	alauda_devops_pipeline_plugin	—	—
jenkins	alauda_kubernetes_suport_plugin	—	—
jenkins	build_failure_analyzer	<= 1.24.1	—
jenkins	build_failure_analyzer_plugin	—	—
jenkins	gerrit_trigger_plugin	—	—
jenkins	ids_in_team_concert_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	jenkins_and_plugin	—	—
jenkins	mantis_plugin	—	—
jenkins	maven_release_plug-in_plugin	—	—
jenkins	mission_control_plugin	—	—
jenkins	pipeline_aggregator_view_plugin	—	—
jenkins	rapiddeploy_plugin	—	—
jenkins	redgate_sql_change_automation_plugin	—	—
jenkins	rundeck_plugin	—	—
jenkins	sctmexecutor_plugin	—	—
jenkins	spira_importer_plugin	—	—
jenkins	team_concert_plugin	—	—
jenkins	websphere_deployer_plugin	—	—
jenkins	weibo_plugin	—	—
jenkins_project	jenkins_build_failure_analyzer_plugin	unspecified – 1.24.1	—