CVE-2013-6374

EPSS 0.20%

Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)

發布日:2022/5/17修改日:2025/3/13

描述

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

受影響套件(1)

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzerfrom 0, < 1.5.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-6374
PATCHhttps://github.com/jenkinsci/build-failure-analyzer-plugin
WEBhttps://github.com/jenkinsci/build-failure-analyzer-plugin/commit/cf20a8df11e71e8652180d9fafd9bb47385067c7
WEBhttps://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20