Path traversal in Jenkins Job Configuration History Plugin

2023-09-0615:30:26

Google

osv.dev

jenkins

configuration

history

plugin

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the ‘name’ query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

CPENameOperatorVersion
org.jenkins-ci.plugins:jobconfighistoryeq1183.v6e2785ff75e0
org.jenkins-ci.plugins:jobconfighistoryeq1207.vd28a_54732f92
org.jenkins-ci.plugins:jobconfighistoryeq1163.ve82c7c6e60a_3
org.jenkins-ci.plugins:jobconfighistoryeq1.12
org.jenkins-ci.plugins:jobconfighistoryeq2.18.3
org.jenkins-ci.plugins:jobconfighistoryeq2.29-rc1073.41ef89cf4e15
org.jenkins-ci.plugins:jobconfighistoryeq2.6
org.jenkins-ci.plugins:jobconfighistoryeq2.9
org.jenkins-ci.plugins:jobconfighistoryeq1165.v8cc9fd1f4597
org.jenkins-ci.plugins:jobconfighistoryeq2.18.1

Name	Operator	Version
org.jenkins-ci.plugins:jobconfighistory	eq	1183.v6e2785ff75e0
org.jenkins-ci.plugins:jobconfighistory	eq	1207.vd28a_54732f92
org.jenkins-ci.plugins:jobconfighistory	eq	1163.ve82c7c6e60a_3
org.jenkins-ci.plugins:jobconfighistory	eq	1.12
org.jenkins-ci.plugins:jobconfighistory	eq	2.18.3
org.jenkins-ci.plugins:jobconfighistory	eq	2.29-rc1073.41ef89cf4e15
org.jenkins-ci.plugins:jobconfighistory	eq	2.6
org.jenkins-ci.plugins:jobconfighistory	eq	2.9
org.jenkins-ci.plugins:jobconfighistory	eq	1165.v8cc9fd1f4597
org.jenkins-ci.plugins:jobconfighistory	eq	2.18.1