Jenkins Job Configuration History

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Jenkins Job Configuration History.

By the Year

In 2026 there have been 0 vulnerabilities in Jenkins Job Configuration History. Job Configuration History did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	0	0.00
2023	4	6.25
2022	2	4.85

It may take a day or so for new Job Configuration History vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Job Configuration History Security Vulnerabilities

Jenkins Job Config History Plugin XSS via Unsanitized Timestamp
CVE-2023-41931 5.4 - Medium - September 06, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.

XSS

Jenkins Job History Plugin: Unrestricted 'name' Param Enables Injected History
CVE-2023-41930 4.3 - Medium - September 06, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

Directory traversal

Jenkins Job Config History Plugin XXE via Undisarmed XML Parser
CVE-2023-41933 8.8 - High - September 06, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

XXE

Jenkins Job Config Hist Plugin allows arbitrary FS delete via timestamp
CVE-2023-41932 6.5 - Medium - September 06, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.

XXE

Jenkins Job Config History Plugin XSS via Unescaped Job Name
CVE-2022-38664 5.4 - Medium - August 23, 2022

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.

XSS

CSRF in Jenkins Job Config History Plugin Enables Deletion of Config Histories
CVE-2022-36887 4.3 - Medium - July 27, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.

Session Riding

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Job Configuration History or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Job Configuration History
Product

Jenkins Job Configuration History

Don't miss out!

By the Year

Recent Jenkins Job Configuration History Security Vulnerabilities

Jenkins Job Config History Plugin XSS via Unsanitized Timestamp CVE-2023-41931 5.4 - Medium - September 06, 2023

Jenkins Job History Plugin: Unrestricted 'name' Param Enables Injected History CVE-2023-41930 4.3 - Medium - September 06, 2023

Jenkins Job Config History Plugin XXE via Undisarmed XML Parser CVE-2023-41933 8.8 - High - September 06, 2023

Jenkins Job Config Hist Plugin allows arbitrary FS delete via timestamp CVE-2023-41932 6.5 - Medium - September 06, 2023

Jenkins Job Config History Plugin XSS via Unescaped Job Name CVE-2022-38664 5.4 - Medium - August 23, 2022

CSRF in Jenkins Job Config History Plugin Enables Deletion of Config Histories CVE-2022-36887 4.3 - Medium - July 27, 2022