Jenkins Job Config History Plugin XSS via Unsanitized Timestamp
CVE-2023-41931 Published on September 6, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.

Vendor Advisory NVD

Products Associated with CVE-2023-41931

Want to know whenever a new CVE is published for Jenkins Job Configuration History? stack.watch will email you.

Jenkins Job Configuration History

Affected Versions

Jenkins Project Jenkins Job Configuration History Plugin:

Before and including 1227.v7a_79fc4dc01f is affected.

Exploit Probability

EPSS

0.96%

Percentile

76.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Job Config History Plugin XSS via Unsanitized TimestampCVE-2023-41931 Published on September 6, 2023

Products Associated with CVE-2023-41931

Affected Versions

Exploit Probability

Jenkins Job Config History Plugin XSS via Unsanitized Timestamp
CVE-2023-41931 Published on September 6, 2023