Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jenkins job configuration history vulnerabilities and exploits

(subscribe to this query)
5.4
CVSSv3
CVE-2023-41931
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Job Configuration History
4.3
CVSSv3
CVE-2023-41930
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not restrict the 'name' query parameter when rendering a history entry, allowing malicious users to have Jenkins render a manipulated configuration history that was not created by th...
Jenkins Job Configuration History
6.5
CVSSv3
CVE-2023-41932
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as the...
Jenkins Job Configuration History
8.8
CVSSv3
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Job Configuration History
5.4
CVSSv3
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and previous versions does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Jenkins Job Configuration History
4.3
CVSSv3
CVE-2022-36887
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and previous versions allows malicious users to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and syste...
Jenkins Job Configuration History
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook