Maven package
com.sonyericsson.jenkins.plugins.bfa/build-failure-analyzer
pkg:maven/com.sonyericsson.jenkins.plugins.bfa/build-failure-analyzer
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43502 | — | | | < 2.4.2 | 2.4.2 | Sep 20, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. |
| CVE-2023-43501 | — | | | < 2.4.2 | 2.4.2 | Sep 20, 2023 | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. |
| CVE-2023-43500 | — | | | < 2.4.2 | 2.4.2 | Sep 20, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. |
| CVE-2023-43499 | — | | | < 2.4.2 | 2.4.2 | Sep 20, 2023 | Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. |
| CVE-2020-2244 | — | | | < 1.27.1 | 1.27.1 | Sep 1, 2020 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. |
| CVE-2019-16555 | — | | | < 1.24.2 | 1.24.2 | Dec 17, 2019 | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. |
| CVE-2019-16554 | — | | | < 1.24.2 | 1.24.2 | Dec 17, 2019 | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. |
| CVE-2019-16553 | — | | | < 1.24.2 | 1.24.2 | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. |
| CVE-2016-4988 | Med | 6.1 | | < 1.16.0 | 1.16.0 | Feb 9, 2017 | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
| CVE-2013-6374 | — | | | < 1.5.1 | 1.5.1 | Nov 25, 2013 | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |