CVE-2023-41932

2023-09-0613:15:09

CWE-611

jenkins

web.nvd.nist.gov

cve-2023-41932

jenkins

job configuration history plugin

security

vulnerability

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict ‘timestamp’ query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called ‘history.xml’.

Affected configurations

Nvd

Node

jenkinsjob_configuration_historyRange≤1227.v7a_79fc4dc01fjenkins

VendorProductVersionCPE
jenkinsjob_configuration_history*cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	job_configuration_history	*	cpe:2.3:a:jenkins:job_configuration_history::::::jenkins::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Job Configuration History Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "1227.v7a_79fc4dc01f",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]