Vulnerabilities for Build failure analyzer (...) - CXSECURITY.COM

Vulnerabilities for 'Build failure analyzer'

2020-09-01

CVE-2020-2244

CWE-79

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

2019-12-17

CVE-2019-16555

CWE-400

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

CVE-2019-16554

CWE-276

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

CVE-2019-16553

CWE-352

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

>>> Vendor: Jenkins 480 Products

Active directory

Pluggable authentication module

Build failure analyzer

Vrealize orchestrator

Openstack cloud

Image gallery plugin

Extra columns plugin

Script security

Github branch source

Config file provider

Owasp dependency-check

Pipeline-input-step

Deploy to container

Static analysis utilities

Periodic backup

Role-based authorization strategy

Parameterized trigger

Favorite plugin

Translation assistance

Pipeline nodes and processes

Delivery pipeline

Build-publisher

Dependency graph viewer

Global-build-stats

Credentials binding

Pipeline supporting apis

Google-play-android-publisher

Promoted builds

Job and node ownership

Cucumber living documentation

Github pull request builder

Reverse proxy auth

Liquibase runner

See all Products for Vendor Jenkins

Copyright 2024, cxsecurity.com