Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins build failure analyzer |