10 results

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2023 — A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 3% • CPEs: 1 • EXPL: 0

20 Sep 2023 — Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2020 — Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. • http://www.openwall.com/lists/oss-security/2020/09/01/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2019 — A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • CWE-276: Incorrect Default Permissions

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2019 — A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • CWE-400: Uncontrolled Resource Consumption

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2019 — A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2017 — Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. • https://jenkins.io/security/advisory/2016-06-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Nov 2013 — Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/100106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')