Jenkins Job Config History Plugin XXE via Undisarmed XML Parser
CVE-2023-41933 Published on September 6, 2023

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vendor Advisory NVD

Products Associated with CVE-2023-41933

Want to know whenever a new CVE is published for Jenkins Job Configuration History? stack.watch will email you.

Jenkins Job Configuration History

Affected Versions

Jenkins Project Jenkins Job Configuration History Plugin:

Before and including 1227.v7a_79fc4dc01f is affected.

Exploit Probability

EPSS

0.07%

Percentile

20.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Job Config History Plugin XXE via Undisarmed XML ParserCVE-2023-41933 Published on September 6, 2023

Products Associated with CVE-2023-41933

Affected Versions

Exploit Probability

Jenkins Job Config History Plugin XXE via Undisarmed XML Parser
CVE-2023-41933 Published on September 6, 2023