CVE-2023-43500
published 2023-09-20
CVSS 3.1: 8.8 (high)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_failure_analyzer | < 2.4.2 | 2.4.2 |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_creates_a_temporary_file_when_a_plugin | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins_project | jenkins_build_failure_analyzer_plugin | <= 2.4.1 | — |