Jenkins Job History Plugin: Unrestricted 'name' Param Enables Injected History
CVE-2023-41930 Published on September 6, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

Vendor Advisory NVD

Products Associated with CVE-2023-41930

Want to know whenever a new CVE is published for Jenkins Job Configuration History? stack.watch will email you.

Jenkins Job Configuration History

Affected Versions

Jenkins Project Jenkins Job Configuration History Plugin:

Before and including 1227.v7a_79fc4dc01f is affected.

Exploit Probability

EPSS

0.13%

Percentile

32.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Job History Plugin: Unrestricted 'name' Param Enables Injected HistoryCVE-2023-41930 Published on September 6, 2023

Products Associated with CVE-2023-41930

Affected Versions

Exploit Probability

Jenkins Job History Plugin: Unrestricted 'name' Param Enables Injected History
CVE-2023-41930 Published on September 6, 2023