28 matches found
CVE-2023-43502
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...
EUVD-2023-2425
Malicious code in bioql PyPI...
EUVD-2022-2490
Malicious code in bioql PyPI...
EUVD-2022-5752
Malicious code in bioql PyPI...
GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43500
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43502
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
Default credentials
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43502
The CVE-2023-43502 entry concerns a CSRF vulnerability in the Jenkins Build Failure Analyzer Plugin (versions 2.4.1 and earlier). The underlying issue is that the plugin did not require POST for an HTTP endpoint, allowing attackers to delete Failure Causes by crafting a request that is executed i...
CVE-2023-43501
CVE-2023-43501 affects Jenkins Build Failure Analyzer Plugin (versions ≤ 2.4.1). A missing permission check in the plugin’s connection-test endpoint allows attackers with Overall/Read to reach an attacker-specified hostname:port using attacker-specified credentials, per initial description. Conne...
CVE-2023-43500
CVE-2023-43500 affects Jenkins Build Failure Analyzer Plugin (version ≤ 2.4.1). The vulnerability is a CSRF flaw that lets an attacker cause the plugin to connect to an attacker‑specified hostname/port using attacker‑supplied username and password. This is described across multiple sources (NVD e...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43500
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43499
CVE-2023-43499 concerns Jenkins’ Build Failure Analyzer Plugin up to version 2.4.1. The affected component does not escape Failure Cause names in build logs, causing a stored XSS vulnerability exploitable by attackers able to create or update Failure Causes. Documents indicate vulnerable versions...
PT-2023-28848 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a...
XSS vulnerability in Jenkins Build Failure Analyzer Plugin
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Build Failure Analyzer...