Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.10 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS6.7AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.11 views

CVE-2019-16554

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...

4.3CVSS6.5AI score0.00817EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.10 views

CVE-2019-16555

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...

6.5CVSS6.6AI score0.01076EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2425

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00504EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2490

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00691EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-5752

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00817EPSS
Exploits0References4
OSV
OSV
added 2023/09/20 6:30 p.m.35 views

GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

4.3CVSS8.7AI score0.00406EPSS
Exploits0References3
NVD
NVD
added 2023/09/20 5:15 p.m.36 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.5CVSS6.9AI score0.00504EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.28 views

CVE-2023-43500

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS8.8AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2023/09/20 5:15 p.m.27 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS7AI score
Exploits0References2
Prion
Prion
added 2023/09/20 5:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS4.6AI score0.00339EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/20 5:15 p.m.27 views

Default credentials

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

4CVSS6.3AI score0.00504EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.68 views

CVE-2023-43502

The CVE-2023-43502 entry concerns a CSRF vulnerability in the Jenkins Build Failure Analyzer Plugin (versions 2.4.1 and earlier). The underlying issue is that the plugin did not require POST for an HTTP endpoint, allowing attackers to delete Failure Causes by crafting a request that is executed i...

4.3CVSS4.5AI score0.00339EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.62 views

CVE-2023-43501

CVE-2023-43501 affects Jenkins Build Failure Analyzer Plugin (versions ≤ 2.4.1). A missing permission check in the plugin’s connection-test endpoint allows attackers with Overall/Read to reach an attacker-specified hostname:port using attacker-specified credentials, per initial description. Conne...

6.5CVSS6.2AI score0.00504EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 4:6 p.m.59 views

CVE-2023-43500

CVE-2023-43500 affects Jenkins Build Failure Analyzer Plugin (version ≤ 2.4.1). The vulnerability is a CSRF flaw that lets an attacker cause the plugin to connect to an attacker‑specified hostname/port using attacker‑supplied username and password. This is described across multiple sources (NVD e...

8.8CVSS8.7AI score0.00406EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.40 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.8AI score0.00504EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.43 views

CVE-2023-43500

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.9AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2023/09/20 4:6 p.m.59 views

CVE-2023-43499

CVE-2023-43499 concerns Jenkins’ Build Failure Analyzer Plugin up to version 2.4.1. The affected component does not escape Failure Cause names in build logs, causing a stored XSS vulnerability exploitable by attackers able to create or update Failure Causes. Documents indicate vulnerable versions...

5.4CVSS5.2AI score0.00521EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.2 views

PT-2023-28848 · Jenkins · Jenkins Build Failure Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a...

4.3CVSS4.4AI score0.00339EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/24 5:27 p.m.21 views

XSS vulnerability in Jenkins Build Failure Analyzer Plugin

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Build Failure Analyzer...

5.4CVSS5AI score0.00753EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder