CVE-2023-43502
https://notcve.org/view.php?id=CVE-2023-43502
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes eliminar Causas de Falla. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-43501
https://notcve.org/view.php?id=CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Una verificación de permiso faltante en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes con permiso general/lectura conectarse a un hostname y puerto especificados por el atacante utilizando el nombre de usuario y la contraseña especificados por el atacante. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226 • CWE-862: Missing Authorization •
CVE-2023-43500
https://notcve.org/view.php?id=CVE-2023-43500
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes conectarse a un hostname y puerto especificados por el atacante utilizando un nombre de usuario y contraseña especificados por el atacante. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-43499
https://notcve.org/view.php?id=CVE-2023-43499
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. El complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores no escapan a los nombres de las causas de fallas en los registros de compilación, lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces de crear o actualizar causas de fallas. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-2244
https://notcve.org/view.php?id=CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Jenkins Build Failure Analyzer Plugin versiones 1.27.0 y anteriores, no escapan el texto coincidente en una respuesta de comprobación de formulario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) explotable por parte de atacantes capaces de proporcionar una salida de la consola para compilaciones usadas al probar indicaciones de registro de compilación • http://www.openwall.com/lists/oss-security/2020/09/01/3 https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •