81 matches found
CVE-2023-43502
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...
EUVD-2013-6199
Malware in sbrugna...
EUVD-2023-2425
Malicious code in bioql PyPI...
EUVD-2022-5752
Malicious code in bioql PyPI...
EUVD-2022-2490
Malicious code in bioql PyPI...
com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.lookout.jenkins:environment-script (=100.v3a_f1a_6a_b_7549) +126 more potentially affected by CVE-2024-34145 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1335.vf07d9ce377a_e)
org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =2.33.0, =1.1.0.413.v3023d27e8434, =320.v5a0933ae7d61, =2.4.2, =3.0, =4.1.0, =1.27.17, =1.27.4, =1.27.4, =1714.v09593e830cfa, =11.2.0, =12.9.1 and more Source cves: CVE-2024-34145 Source advisory:...
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (>=1.0 <=1.2.1) potentially affected by CVE-2023-43501 via com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (=1.13.0)
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer MAVEN version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer and may be impacted: -...
GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (>=1.0 <=1.2.1) potentially affected by CVE-2023-43502 via com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (=1.13.0)
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer MAVEN version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer and may be impacted: -...
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (>=1.0 <=1.2.1) potentially affected by CVE-2023-43499 via com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (=1.13.0)
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer MAVEN version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer and may be impacted: -...
GHSA-262F-77Q5-RQV6 Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (>=1.0 <=1.2.1) potentially affected by CVE-2023-43500 via com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (=1.13.0)
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer MAVEN version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer and may be impacted: -...
GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...
GHSA-55Q6-R3HM-7FF4 Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...