CVE-2013-6374

EPSS 0.20%

Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)

Published: 5/17/2022Modified: 3/13/2025

Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected packages (1)

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzerfrom 0, < 1.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-6374
PATCHhttps://github.com/jenkinsci/build-failure-analyzer-plugin
WEBhttps://github.com/jenkinsci/build-failure-analyzer-plugin/commit/cf20a8df11e71e8652180d9fafd9bb47385067c7
WEBhttps://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20