Jenkins

Build Failure Analyzer

9 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.06%
  • Published 20.09.2023 17:15:12
  • Last modified 21.11.2024 08:24:09

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

  • EPSS 0.04%
  • Published 20.09.2023 17:15:12
  • Last modified 21.11.2024 08:24:10

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

  • EPSS 0.04%
  • Published 20.09.2023 17:15:12
  • Last modified 21.11.2024 08:24:10

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

  • EPSS 3.54%
  • Published 20.09.2023 17:15:11
  • Last modified 21.11.2024 08:24:09

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.

  • EPSS 0.17%
  • Published 01.09.2020 14:15:12
  • Last modified 21.11.2024 05:25:04

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to t...

  • EPSS 0.11%
  • Published 17.12.2019 15:15:16
  • Last modified 21.11.2024 04:30:48

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

  • EPSS 0.06%
  • Published 17.12.2019 15:15:16
  • Last modified 21.11.2024 04:30:48

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

  • EPSS 0.13%
  • Published 17.12.2019 15:15:16
  • Last modified 21.11.2024 04:30:49

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this pr...

  • EPSS 0.11%
  • Published 09.02.2017 15:59:01
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.