Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://osvdb.org/100106

http://secunia.com/advisories/55783

https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2022-25167 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source

CVE-2017-3156 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2

CVE-2019-1003022 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring

CVE-2023-32982 Vulnerability in maven package org.jenkins-ci.plugins:ansible

CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-core-client

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory