{"id":"CVE-2023-43501","details":"A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.","aliases":["GHSA-55q6-r3hm-7ff4"],"modified":"2026-04-10T05:03:50.292291Z","published":"2023-09-20T17:15:12.090Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/09/20/5"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/build-failure-analyzer-plugin","events":[{"introduced":"0"},{"fixed":"939801c545ff382d762e5d2e9282824398afe779"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.2"}]}}],"versions":["build-failure-analyzer-1.10.0","build-failure-analyzer-1.10.0-2","build-failure-analyzer-1.10.1","build-failure-analyzer-1.10.2","build-failure-analyzer-1.10.3","build-failure-analyzer-1.11.0","build-failure-analyzer-1.12.0","build-failure-analyzer-1.12.1","build-failure-analyzer-1.13.0","build-failure-analyzer-1.13.1","build-failure-analyzer-1.13.2","build-failure-analyzer-1.13.3","build-failure-analyzer-1.13.4","build-failure-analyzer-1.13.5","build-failure-analyzer-1.14.0","build-failure-analyzer-1.15.0","build-failure-analyzer-1.16.0","build-failure-analyzer-1.17.0","build-failure-analyzer-1.17.0-r2","build-failure-analyzer-1.17.1","build-failure-analyzer-1.17.2","build-failure-analyzer-1.18.0","build-failure-analyzer-1.18.1","build-failure-analyzer-1.19.0","build-failure-analyzer-1.19.1","build-failure-analyzer-1.19.1-t4","build-failure-analyzer-1.19.2","build-failure-analyzer-1.19.2-t2","build-failure-analyzer-1.20.0","build-failure-analyzer-1.21.0","build-failure-analyzer-1.22.0","build-failure-analyzer-1.23.0","build-failure-analyzer-1.23.0-beta-1","build-failure-analyzer-1.23.1","build-failure-analyzer-1.23.2","build-failure-analyzer-1.24.0","build-failure-analyzer-1.24.1","build-failure-analyzer-1.24.2","build-failure-analyzer-1.25.0","build-failure-analyzer-1.25.1","build-failure-analyzer-1.26.0","build-failure-analyzer-1.27.0","build-failure-analyzer-1.27.1","build-failure-analyzer-1.4.0","build-failure-analyzer-1.4.1","build-failure-analyzer-1.5.0","build-failure-analyzer-1.5.1","build-failure-analyzer-1.6.0","build-failure-analyzer-1.7.0","build-failure-analyzer-1.8.0","build-failure-analyzer-1.8.1","build-failure-analyzer-1.9.0","build-failure-analyzer-1.9.1","build-failure-analyzer-2.0.0","build-failure-analyzer-2.0.0-beta-1","build-failure-analyzer-2.0.1","build-failure-analyzer-2.1.0","build-failure-analyzer-2.2.0","build-failure-analyzer-2.2.1","build-failure-analyzer-2.27.0","build-failure-analyzer-2.3.0","build-failure-analyzer-2.4.0","build-failure-analyzer-2.4.0-r2","build-failure-analyzer-2.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43501.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}