5 matches found
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins Plugins Multiple Vulnerabilities (2023-09-20)
According to its self-reported version number, the version of Jenkins plugins running on the remote web server is affected by multiple vulnerabilities: - Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43501
CVE-2023-43501 affects Jenkins Build Failure Analyzer Plugin (versions ≤ 2.4.1). A missing permission check in the plugin’s connection-test endpoint allows attackers with Overall/Read to reach an attacker-specified hostname:port using attacker-specified credentials, per initial description. Conne...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...