Lucene search
K

46 matches found

Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.4 views

PT-2024-22662 · Hitachi Vantara · Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.7 Hitachi Vantara Pentaho Business Analytics Server version 8.3.x Description: The issue...

8.8CVSS6.5AI score0.00292EPSS
Exploits0References7
OSV
OSV
added 2023/09/20 6:30 p.m.35 views

GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

4.3CVSS8.7AI score0.00406EPSS
Exploits0References3
NVD
NVD
added 2023/09/20 5:15 p.m.36 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.5CVSS6.9AI score0.00504EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.28 views

CVE-2023-43500

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS8.8AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2023/09/20 5:15 p.m.27 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS7AI score
Exploits0References2
Prion
Prion
added 2023/09/20 5:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS4.6AI score0.00339EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/20 5:15 p.m.26 views

Cross site scripting

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

4.9CVSS5.2AI score0.00521EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/20 5:15 p.m.27 views

Default credentials

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

4CVSS6.3AI score0.00504EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.68 views

CVE-2023-43502

The CVE-2023-43502 entry concerns a CSRF vulnerability in the Jenkins Build Failure Analyzer Plugin (versions 2.4.1 and earlier). The underlying issue is that the plugin did not require POST for an HTTP endpoint, allowing attackers to delete Failure Causes by crafting a request that is executed i...

4.3CVSS4.5AI score0.00339EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.43 views

CVE-2023-43500

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.9AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.40 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.8AI score0.00504EPSS
Exploits0References2
CVE
CVE
added 2023/09/20 4:6 p.m.62 views

CVE-2023-43501

CVE-2023-43501 affects Jenkins Build Failure Analyzer Plugin (versions ≤ 2.4.1). A missing permission check in the plugin’s connection-test endpoint allows attackers with Overall/Read to reach an attacker-specified hostname:port using attacker-specified credentials, per initial description. Conne...

6.5CVSS6.2AI score0.00504EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.59 views

CVE-2023-43500

CVE-2023-43500 affects Jenkins Build Failure Analyzer Plugin (version ≤ 2.4.1). The vulnerability is a CSRF flaw that lets an attacker cause the plugin to connect to an attacker‑specified hostname/port using attacker‑supplied username and password. This is described across multiple sources (NVD e...

8.8CVSS8.7AI score0.00406EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.59 views

CVE-2023-43499

CVE-2023-43499 concerns Jenkins’ Build Failure Analyzer Plugin up to version 2.4.1. The affected component does not escape Failure Cause names in build logs, causing a stored XSS vulnerability exploitable by attackers able to create or update Failure Causes. Documents indicate vulnerable versions...

5.4CVSS5.2AI score0.00521EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.3 views

PT-2023-28848 · Jenkins · Jenkins Build Failure Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a...

4.3CVSS4.4AI score0.00339EPSS
Exploits0References11
Cvelist
Cvelist
added 2022/11/02 3:12 p.m.24 views

CVE-2021-45448 Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...

7.1CVSS7.1AI score0.00551EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 5:27 p.m.21 views

XSS vulnerability in Jenkins Build Failure Analyzer Plugin

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Build Failure Analyzer...

5.4CVSS5AI score0.00753EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.27 views

Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...

8.8CVSS5.7AI score0.00691EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/09/01 1:50 p.m.76 views

CVE-2020-2244

Summary: CVE-2020-2244 affects the Jenkins Build Failure Analyzer Plugin (version 1.27.0 and earlier). The vulnerability is an XSS due to unescaped matching text in a form validation response, which can be triggered by attackers who can supply console output for builds used to test build log indi...

5.4CVSS5.3AI score0.00753EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/12/17 3:15 p.m.31 views

CVE-2019-16554

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...

4.3CVSS4.5AI score0.00817EPSS
Exploits0References2
Rows per page
Query Builder