A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

Affected Packages

Maven com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Affected versions: 0 (fixed in 1.24.2)

Related CVEs

CVE-2019-16554

Key Information

GHSA ID

GHSA-x9gc-p2qp-4p7v

Published

May 24, 2022 5:03 PM

Last Modified

October 26, 2023 8:49 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.