CVE-2023-43500

Name of the Vulnerable Software and Affected Versions Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. This issue arises because the plugin does not perform a permission check in a connection test HTTP endpoint, and this endpoint does not require POST requests. Attackers with Overall/Read permission can exploit this vulnerability.

Recommendations For Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier, update to version 2.4.2 or later, which requires POST requests and Overall/Administer permission for the affected HTTP endpoint, thus mitigating the CSRF vulnerability.