Lucene search
JenkinsCVE-2023-43502HistorySep 20, 2023 - 5:15 p.m.
CVE-2023-43502
2023-09-2017:15:12
CWE-352
jenkins
web.nvd.nist.gov
28
cve-2023-43502
csrf
jenkins
build failure analyzer plugin
security vulnerability
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
21.8%
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
Affected configurations
Node
jenkinsbuild_failure_analyzerRange<2.4.2jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | build_failure_analyzer | * | cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Jenkins Build Failure Analyzer Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-43502
2023-09-20 16:06:13
github
github
prion
prion
Cross site request forgery (csrf)
2023-09-20 17:15:00
nvd
nvd
CVE-2023-43502
2023-09-20 17:15:12
veracode
veracode
Cross-Site Request Forgery
2023-09-25 07:20:21
osv
osv
CVE-2023-43502
2023-09-20 17:15:12
vulnrichment
vulnrichment
CVE-2023-43502
2023-09-20 16:06:13
nessus
nessus
Jenkins Plugins Multiple Vulnerabilities (2023-09-20)
2023-09-25 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
21.8%
Related for CVE-2023-43502