Security Flaw in Jenkins Job Configuration History Plugin Affects Configuration Integrity
CVE-2023-41930

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Job Configuration History Plugin
Vendor: CVE Published:; 6 September 2023

Summary

The Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier expose a security vulnerability due to improper input validation of the 'name' query parameter during the rendering of history entries. This flaw could allow attackers to manipulate the Jenkins interface to display fabricated configuration history entries, undermining the integrity of the history records within Jenkins and potentially leading to unauthorized access or changes.

Affected Version(s)

Jenkins Job Configuration History Plugin 0 <= 1227.v7a_79fc4dc01f

References

https://www.jenkins.io/security/advisory/2023-09-06/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/09/06/9

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Sep 5, 2023