GHSA-543w-gq76-pw7g

GitHub Security Advisory

Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.

Affected Packages

Maven com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Affected versions: all versions from 0 (fixed in 1.24.2)

Related CVEs

Key Information

GHSA ID: GHSA-543w-gq76-pw7g
Published: May 24, 2022 5:03 PM
Last Modified: November 1, 2022 10:48 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.