Cross-site Scripting Vulnerability in Build Failure Analyzer for Jenkins
CVE-2013-6374

Currently unrated

Key Information:

Vendor: Jenkins-ci
Status: Build Failure Analyzer
Vendor: CVE Published:; 25 November 2013

What is CVE-2013-6374?

The Build Failure Analyzer plugin for Jenkins is susceptible to a Cross-site Scripting (XSS) vulnerability, allowing authenticated remote users to inject arbitrary web scripts or HTML. This issue arises due to unspecified vectors, which could potentially be exploited to manipulate the content displayed on users' browsers, posing a significant risk to web application integrity and user data security.

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Secu...

x_refsource_MISC

https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure...

x_refsource_CONFIRM

http://secunia.com/advisories/55783

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2013
Vulnerability Reserved
Nov 4, 2013

Jenkins-ci

What is CVE-2013-6374?

References

Timeline