CVE-2019-16554
https://notcve.org/view.php?id=CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651 • CWE-276: Incorrect Default Permissions
CVE-2019-16555
https://notcve.org/view.php?id=CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651 • CWE-400: Uncontrolled Resource Consumption
CVE-2019-16553
https://notcve.org/view.php?id=CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-4988
https://notcve.org/view.php?id=CVE-2016-4988
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. • https://jenkins.io/security/advisory/2016-06-20 • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6374
https://notcve.org/view.php?id=CVE-2013-6374
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/100106 • http://secunia.com/advisories/55783 • https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')