Jenkins Build Failure Analyzer vulnerabilities
9 known vulnerabilities affecting jenkins/build_failure_analyzer.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 7
Vulnerabilities
CVE-2023-43500 | HIGH | CVSS 8.8 | CWE-352 | fixed in 2.4.2 | 2023-09-20
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
nvd
CVE-2023-43501 | MEDIUM | CVSS 6.5 | CWE-862 | fixed in 2.4.2 | 2023-09-20
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
nvd
CVE-2023-43499 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.4.2 | 2023-09-20
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
nvd
CVE-2023-43502 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 2.4.2 | 2023-09-20
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
nvd
CVE-2020-2244 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 1.27.0 | 2020-09-01
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
nvd
CVE-2019-16553 | HIGH | CVSS 8.8 | CWE-352 | ≤ 1.24.1 | 2019-12-17
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
nvd
CVE-2019-16554 | MEDIUM | CVSS 4.3 | CWE-276 | ≤ 1.24.1 | 2019-12-17
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
nvd
CVE-2019-16555 | MEDIUM | CVSS 6.5 | CWE-400 | ≤ 1.24.1 | 2019-12-17
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
nvd
CVE-2016-4988 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 1.16.0 | 2017-02-09
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
nvd