Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins build failure analyzer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-6374
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin prior to 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins-ci Build Failure Analyzer 1.2.0
Jenkins-ci Build Failure Analyzer 1.4.0
Jenkins-ci Build Failure Analyzer 1.3.0
Jenkins-ci Build Failure Analyzer
6.5
CVSSv3
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions was processed in a way that wasn't interruptible, allowing malicious users to have Jenkins evaluate a regular expression without the ability to interrupt this process.
Jenkins Build Failure Analyzer
5.4
CVSSv3
CVE-2023-43499
Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
Jenkins Build Failure Analyzer
8.8
CVSSv3
CVE-2023-43500
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer
6.5
CVSSv3
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer
4.3
CVSSv3
CVE-2023-43502
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows malicious users to delete Failure Causes.
Jenkins Build Failure Analyzer
6.1
CVSSv3
CVE-2016-4988
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin prior to 1.16.0 in Jenkins allows remote malicious users to inject arbitrary web script or HTML via an unspecified parameter.
Jenkins Build Failure Analyzer
5.4
CVSSv3
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indica...
Jenkins Build Failure Analyzer
8.8
CVSSv3
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions allows malicious users to have Jenkins evaluate a computationally expensive regular expression.
Jenkins Build Failure Analyzer
4.3
CVSSv3
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
Jenkins Build Failure Analyzer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started