A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.