Jenkins - Build Failure Analyzer CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Build Failure Analyzer Subscriptions

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-4988	1 Jenkins	1 Build Failure Analyzer	2024-08-06	6.1 Medium
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2019-16555	1 Jenkins	1 Build Failure Analyzer	2024-08-05	6.5 Medium
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
CVE-2019-16554	1 Jenkins	1 Build Failure Analyzer	2024-08-05	4.3 Medium
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
CVE-2019-16553	1 Jenkins	1 Build Failure Analyzer	2024-08-05	8.8 High
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
CVE-2020-2244	1 Jenkins	1 Build Failure Analyzer	2024-08-04	5.4 Medium
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
CVE-2023-43502	1 Jenkins	1 Build Failure Analyzer	2024-08-02	4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
CVE-2023-43499	1 Jenkins	1 Build Failure Analyzer	2024-08-02	5.4 Medium
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
CVE-2023-43500	1 Jenkins	1 Build Failure Analyzer	2024-08-02	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-43501	1 Jenkins	1 Build Failure Analyzer	2024-08-02	6.5 Medium
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

Page 1 of 1.