Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins job configuration history vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-41931
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Job Configuration History
4.3
CVSSv3
CVE-2023-41930
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not restrict the 'name' query parameter when rendering a history entry, allowing malicious users to have Jenkins render a manipulated configuration history that was not created by th...
Jenkins Job Configuration History
6.5
CVSSv3
CVE-2023-41932
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as the...
Jenkins Job Configuration History
8.8
CVSSv3
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Job Configuration History
5.4
CVSSv3
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and previous versions does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Jenkins Job Configuration History
4.3
CVSSv3
CVE-2022-36887
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and previous versions allows malicious users to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and syste...
Jenkins Job Configuration History
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started