Jenkins Job Config Hist Plugin allows arbitrary FS delete via timestamp
CVE-2023-41932 Published on September 6, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.

Vendor Advisory NVD

Products Associated with CVE-2023-41932

Want to know whenever a new CVE is published for Jenkins Job Configuration History? stack.watch will email you.

Jenkins Job Configuration History

Affected Versions

Jenkins Project Jenkins Job Configuration History Plugin:

Before and including 1227.v7a_79fc4dc01f is affected.

Exploit Probability

EPSS

0.07%

Percentile

20.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Job Config Hist Plugin allows arbitrary FS delete via timestampCVE-2023-41932 Published on September 6, 2023

Products Associated with CVE-2023-41932

Affected Versions

Exploit Probability

Jenkins Job Config Hist Plugin allows arbitrary FS delete via timestamp
CVE-2023-41932 Published on September 6, 2023