CVE-2023-43501
published 2023-09-20CVE-2023-43501: A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_failure_analyzer | < 2.4.2 | 2.4.2 |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_creates_a_temporary_file_when_a_plugin | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins_project | jenkins_build_failure_analyzer_plugin | <= 2.4.1 | — |