com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Maven10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzerpage 1 of 1
- CVE-2013-6374NONECVSS 0.0EG 0.0✓ Fixed in 1.5.12013-11-25
vulnerable: 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.5.0
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2016-4988MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.16.02017-02-09
vulnerable: 1.10.0 ... 1.9.1 (26 versions)
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
- CVE-2019-16553HIGHCVSS 8.8EG 8.8✓ Fixed in 1.24.22019-12-17
vulnerable: 1.10.0 ... 1.9.1 (44 versions)
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
- CVE-2019-16554MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.24.22019-12-17
vulnerable: 1.10.0 ... 1.9.1 (44 versions)
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
- CVE-2019-16555MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.24.22019-12-17
vulnerable: 1.10.0 ... 1.9.1 (44 versions)
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interr…
- CVE-2020-2244MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.27.12020-09-01
vulnerable: 1.10.0 ... 1.9.1 (49 versions)
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for build…
- CVE-2023-43499MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.4.22023-09-20
vulnerable: 1.10.0 ... 2.4.1 (59 versions)
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
- CVE-2023-43500HIGHCVSS 8.8EG 8.8✓ Fixed in 2.4.22023-09-20
vulnerable: 1.10.0 ... 2.4.1 (59 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
- CVE-2023-43501MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.4.22023-09-20
vulnerable: 1.10.0 ... 2.4.1 (59 versions)
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
- CVE-2023-43502MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.4.22023-09-20
vulnerable: 1.10.0 ... 2.4.1 (59 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
Check whether com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer CVEs against the assets you own.
Start Free Scan →