Jenkins Build Failure Analyzer — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Build Failure Analyzer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2019-16553 — CVSS 8.8 (high): A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins…
CVE-2023-43500 — CVSS 8.8 (high): A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to…
CVE-2023-43501 — CVSS 6.5 (medium): A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to…
CVE-2019-16555 — CVSS 6.5 (medium): A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't…
CVE-2016-4988 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject…
CVE-2020-2244 — CVSS 5.4 (medium): Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a…
CVE-2023-43499 — CVSS 5.4 (medium): Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site…
CVE-2019-16554 — CVSS 4.3 (medium): A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to…
CVE-2023-43502 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete…