Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins build failure analyzer vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2013-6374
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin prior to 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins-ci Build Failure Analyzer 1.2.0
Jenkins-ci Build Failure Analyzer 1.4.0
Jenkins-ci Build Failure Analyzer 1.3.0
Jenkins-ci Build Failure Analyzer
3.5
CVSSv2
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indica...
Jenkins Build Failure Analyzer
4.3
CVSSv2
CVE-2016-4988
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin prior to 1.16.0 in Jenkins allows remote malicious users to inject arbitrary web script or HTML via an unspecified parameter.
Jenkins Build Failure Analyzer
6.8
CVSSv2
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions allows malicious users to have Jenkins evaluate a computationally expensive regular expression.
Jenkins Build Failure Analyzer
4
CVSSv2
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
Jenkins Build Failure Analyzer
NA
CVE-2023-43499
Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
Jenkins Build Failure Analyzer
NA
CVE-2023-43500
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer
NA
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer
NA
CVE-2023-43502
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows malicious users to delete Failure Causes.
Jenkins Build Failure Analyzer
4
CVSSv2
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions was processed in a way that wasn't interruptible, allowing malicious users to have Jenkins evaluate a regular expression without the ability to interrupt this process.
Jenkins Build Failure Analyzer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started