46 matches found
PT-2024-22662 · Hitachi Vantara · Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.7 Hitachi Vantara Pentaho Business Analytics Server version 8.3.x Description: The issue...
GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43500
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43502
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
Cross site scripting
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...
Default credentials
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43502
The CVE-2023-43502 entry concerns a CSRF vulnerability in the Jenkins Build Failure Analyzer Plugin (versions 2.4.1 and earlier). The underlying issue is that the plugin did not require POST for an HTTP endpoint, allowing attackers to delete Failure Causes by crafting a request that is executed i...
CVE-2023-43500
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43501
CVE-2023-43501 affects Jenkins Build Failure Analyzer Plugin (versions ≤ 2.4.1). A missing permission check in the plugin’s connection-test endpoint allows attackers with Overall/Read to reach an attacker-specified hostname:port using attacker-specified credentials, per initial description. Conne...
CVE-2023-43500
CVE-2023-43500 affects Jenkins Build Failure Analyzer Plugin (version ≤ 2.4.1). The vulnerability is a CSRF flaw that lets an attacker cause the plugin to connect to an attacker‑specified hostname/port using attacker‑supplied username and password. This is described across multiple sources (NVD e...
CVE-2023-43499
CVE-2023-43499 concerns Jenkins’ Build Failure Analyzer Plugin up to version 2.4.1. The affected component does not escape Failure Cause names in build logs, causing a stored XSS vulnerability exploitable by attackers able to create or update Failure Causes. Documents indicate vulnerable versions...
PT-2023-28848 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a...
CVE-2021-45448 Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
XSS vulnerability in Jenkins Build Failure Analyzer Plugin
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Build Failure Analyzer...
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
CVE-2020-2244
Summary: CVE-2020-2244 affects the Jenkins Build Failure Analyzer Plugin (version 1.27.0 and earlier). The vulnerability is an XSS due to unescaped matching text in a form validation response, which can be triggered by attackers who can supply console output for builds used to test build log indi...
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...