Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  >> Build Failure Analyzer  >> 1.20.0  Security Vulnerabilities
CVE-2023-43500
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-20
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-09-20
CVE-2023-43502
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-09-20
CVE-2023-43499
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
CVSS Score
5.4
EPSS Score
0.035
Published
2023-09-20
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-01
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-12-17
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-12-17
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved