Vulnerabilities > Jenkins > Build Failure Analyzer > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-09-20 | CVE-2023-43499 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer | 5.4
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
network, low complexity, jenkins, CWE-79

2023-09-20 | CVE-2023-43501 | Missing Authorization vulnerability in Jenkins Build Failure Analyzer | 6.5
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
network, low complexity, jenkins, CWE-862

2023-09-20 | CVE-2023-43502 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer | 4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
network, low complexity, jenkins, CWE-352

2020-09-01 | CVE-2020-2244 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer | 5.4
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
network, low complexity, jenkins, CWE-79

2019-12-17 | CVE-2019-16555 | Resource Exhaustion vulnerability in Jenkins Build Failure Analyzer | 6.5
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
network, low complexity, jenkins, CWE-400

2019-12-17 | CVE-2019-16554 | Incorrect Default Permissions vulnerability in Jenkins Build Failure Analyzer | 4.3
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
network, low complexity, jenkins, CWE-276

2017-02-09 | CVE-2016-4988 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer | 6.1
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network, low complexity, jenkins, CWE-79