CVE-2013-6374: Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
- github.com/advisories/GHSA-h52h-972r-68mh
- github.com/jenkinsci/build-failure-analyzer-plugin
- github.com/jenkinsci/build-failure-analyzer-plugin/commit/cf20a8df11e71e8652180d9fafd9bb47385067c7
- nvd.nist.gov/vuln/detail/CVE-2013-6374
- wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Detect and mitigate CVE-2013-6374 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.