CVE-2020-2244 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Package

Manager: maven
Name: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Vulnerable Version: >=0 <1.27.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00171 (percentile: 0.38854)

Details

XSS vulnerability in Jenkins Build Failure Analyzer Plugin

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

Build Failure Analyzer Plugin 1.27.1 escapes matching text in the affected form validation response.

Metadata

Created: 2022-05-24T17:27:07Z
Modified: 2022-12-20T22:38:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p5jh-8rxp-wqjj/GHSA-p5jh-8rxp-wqjj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p5jh-8rxp-wqjj
Finding: F008
Auto approve: 1