This page lists publicly disclosed CVE vulnerabilities affecting jenkins build_failure_analyzer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-43502 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. | [email protected] | 4.3 | 0.34% | 2023-09-20 | 2026-06-17 |
| CVE-2023-43501 | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | [email protected] | 6.5 | 0.50% | 2023-09-20 | 2026-06-17 |
| CVE-2023-43500 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | [email protected] | 8.8 | 0.41% | 2023-09-20 | 2026-06-17 |
| CVE-2023-43499 | Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. | [email protected] | 5.4 | 0.52% | 2023-09-20 | 2026-06-17 |
| CVE-2020-2244 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | [email protected] | 5.4 | 0.75% | 2020-09-01 | 2026-06-16 |
| CVE-2019-16555 | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | [email protected] | 6.5 | 1.08% | 2019-12-17 | 2026-06-16 |
| CVE-2019-16554 | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | [email protected] | 4.3 | 0.82% | 2019-12-17 | 2026-06-16 |
| CVE-2019-16553 | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | [email protected] | 8.8 | 0.69% | 2019-12-17 | 2026-06-16 |
| CVE-2016-4988 | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | [email protected] | 6.1 | 1.23% | 2017-02-09 | 2026-06-16 |