Jenkins Build Failure Analyzer

Do you want an email whenever new security vulnerabilities are reported in Jenkins Build Failure Analyzer?

By the Year

In 2023 there have been 0 vulnerabilities in Jenkins Build Failure Analyzer . Build Failure Analyzer did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	1	5.40
2019	3	6.53
2018	0	0.00

It may take a day or so for new Build Failure Analyzer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Build Failure Analyzer Security Vulnerabilities

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response

CVE-2020-2244 5.4 - Medium - September 01, 2020

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

XSS

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier

CVE-2019-16553 8.8 - High - December 17, 2019

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

Session Riding

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier

CVE-2019-16554 4.3 - Medium - December 17, 2019

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

Incorrect Default Permissions

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way

CVE-2019-16555 6.5 - Medium - December 17, 2019

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Build Failure Analyzer or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Build Failure Analyzer
Product

Jenkins Build Failure Analyzer

By the Year

Recent Jenkins Build Failure Analyzer Security Vulnerabilities

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response CVE-2020-2244 5.4 - Medium - September 01, 2020

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier CVE-2019-16553 8.8 - High - December 17, 2019

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier CVE-2019-16554 4.3 - Medium - December 17, 2019

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way CVE-2019-16555 6.5 - Medium - December 17, 2019