Lucene search
HistorySep 20, 2023 - 5:15 p.m.
CVE-2023-43502
cve-2023-43502
csrf
jenkins
build failure analyzer plugin
security vulnerability
nvd
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.8%
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
Affected configurations
Node
jenkinsbuild_failure_analyzerRange<2.4.2jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:build_failure_analyzer | jenkins build failure analyzer | lt | 2.4.2 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Jenkins Build Failure Analyzer Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-43502
2023-09-20 16:06:13
osv
osv
CVE-2023-43502
2023-09-20 17:15:12
veracode
veracode
Cross-Site Request Forgery
2023-09-25 07:20:21
prion
prion
Cross site request forgery (csrf)
2023-09-20 17:15:00
nvd
nvd
CVE-2023-43502
2023-09-20 17:15:12
github
github
nessus
nessus
Jenkins Plugins Multiple Vulnerabilities (2023-09-20)
2023-09-25 00:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.8%
Related for CVE-2023-43502