jenkins build_failure_analyzer CVE Vulnerabilities (9)

CVEs: 9 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting jenkins build_failure_analyzer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 19 of 9 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-43502 A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. [email protected] 4.3 0.34% 2023-09-20 2026-06-17
CVE-2023-43501 A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. [email protected] 6.5 0.50% 2023-09-20 2026-06-17
CVE-2023-43500 A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. [email protected] 8.8 0.41% 2023-09-20 2026-06-17
CVE-2023-43499 Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. [email protected] 5.4 0.52% 2023-09-20 2026-06-17
CVE-2020-2244 Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. [email protected] 5.4 0.75% 2020-09-01 2026-06-16
CVE-2019-16555 A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. [email protected] 6.5 1.08% 2019-12-17 2026-06-16
CVE-2019-16554 A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. [email protected] 4.3 0.82% 2019-12-17 2026-06-16
CVE-2019-16553 A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. [email protected] 8.8 0.69% 2019-12-17 2026-06-16
CVE-2016-4988 Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. [email protected] 6.1 1.23% 2017-02-09 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence