Missing Authorization

com.sonyericsson.jenkins.plugins.bfa: build-failure-analyzer is vulnerable to Missing Authorization. The vulnerability is caused by a missing permission check in test HTTP endpoint doTestConnection as well as the doTestConnection HTTP POST endpoint. This can allow attackers with Overall/Read permission to connect to an attacker-specified hostname and port using an attacker-specified username and password. Also as doTestConnection HTTP endpoint does not require POST requests, it can result in a cross-site request forgery (CSRF) vulnerability.