CVE-2023-41931

2023-09-0613:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-41931

jenkins

job configuration

history plugin

xss

security

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.8%

JSON

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected configurations

NVD

Node

jenkinsjob_configuration_historyRange≤1227.v7a_79fc4dc01fjenkins

CPENameOperatorVersion
jenkins:job_configuration_historyjenkins job configuration historyle1227.v7a_79fc4dc01f

CPE	Name	Operator	Version
jenkins:job_configuration_history	jenkins job configuration history	le	1227.v7a_79fc4dc01f

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Job Configuration History Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "1227.v7a_79fc4dc01f",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]