CVE-2023-43502

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 86.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Build Failure Analyzer Jenkins Project Jenkins Build Failure Analyzer Plugin

Timeline

PublishedSep 20

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavencom.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer< 2.4.2

▶CVEListV5jenkins_project/jenkins_build_failure_analyzer_plugin2.4.1

▶NVDjenkins/build_failure_analyzer< 2.4.2

🔴Vulnerability Details

OSV

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability↗2023-09-20

▶

CVEList

CVE-2023-43502: A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2↗2023-09-20

▶

GHSA

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability↗2023-09-20

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-09-20↗2023-09-20

▶