Jenkins Build Failure Analyzer
By the Year
In 2023 there have been 4 vulnerabilities in Jenkins Build Failure Analyzer, with an average score of 6.3 out of ten. Build Failure Analyzer did not have any published security vulnerabilities last year, so 4 more vulnerabilities have already been reported in 2023 than in all of last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 4 | 6.25 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 5.40 |
2019 | 3 | 6.53 |
2018 | 0 | 0.00 |
It may take a day or so for new Build Failure Analyzer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Build Failure Analyzer Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier
CVE-2023-43502
4.3 - Medium
- September 20, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
Session Riding
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier
CVE-2023-43501
6.5 - Medium
- September 20, 2023
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier
CVE-2023-43500
8.8 - High
- September 20, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Session Riding
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs
CVE-2023-43499
5.4 - Medium
- September 20, 2023
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
XSS
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response
CVE-2020-2244
5.4 - Medium
- September 01, 2020
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
XSS
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier
CVE-2019-16553
8.8 - High
- December 17, 2019
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
Session Riding
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier
CVE-2019-16554
4.3 - Medium
- December 17, 2019
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
Incorrect Default Permissions
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way
CVE-2019-16555
6.5 - Medium
- December 17, 2019
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
Resource Exhaustion
