CVE-2023-43502

Name of the Vulnerable Software and Affected Versions Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to delete Failure Causes. This issue arises because the plugin does not require POST requests for a specific HTTP endpoint, making it vulnerable to CSRF attacks.

Recommendations For versions 2.4.1 and earlier, update to version 2.4.2 or later, which requires POST requests for the affected HTTP endpoint, thus mitigating the CSRF vulnerability.