VYPR

Build Failure Analyzer

by Jenkins Project

Source repositories

CVEs (10)

  • CVE-2016-4988MedFeb 9, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

  • CVE-2023-43502Sep 20, 2023
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

  • CVE-2023-43501Sep 20, 2023
    risk 0.00cvss epss 0.01

    A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

  • CVE-2023-43500Sep 20, 2023
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

  • CVE-2023-43499Sep 20, 2023
    risk 0.00cvss epss 0.01

    Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.

  • CVE-2020-2244Sep 1, 2020
    risk 0.00cvss epss 0.01

    Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

  • CVE-2019-16555Dec 17, 2019
    risk 0.00cvss epss 0.01

    A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

  • CVE-2019-16554Dec 17, 2019
    risk 0.00cvss epss 0.01

    A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

  • CVE-2019-16553Dec 17, 2019
    risk 0.00cvss epss 0.01

    A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

  • CVE-2013-6374Nov 25, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.