Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

2023-09-0615:30:26

Google

osv.dev

path traversal

xxe vulnerability

jenkins

job configuration history plugin

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict ‘timestamp’ query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called ‘history.xml’.

CPENameOperatorVersion
org.jenkins-ci.plugins:jobconfighistoryeq1183.v6e2785ff75e0
org.jenkins-ci.plugins:jobconfighistoryeq1207.vd28a_54732f92
org.jenkins-ci.plugins:jobconfighistoryeq1163.ve82c7c6e60a_3
org.jenkins-ci.plugins:jobconfighistoryeq1.12
org.jenkins-ci.plugins:jobconfighistoryeq2.18.3
org.jenkins-ci.plugins:jobconfighistoryeq2.29-rc1073.41ef89cf4e15
org.jenkins-ci.plugins:jobconfighistoryeq2.6
org.jenkins-ci.plugins:jobconfighistoryeq2.9
org.jenkins-ci.plugins:jobconfighistoryeq1165.v8cc9fd1f4597
org.jenkins-ci.plugins:jobconfighistoryeq2.18.1

Name	Operator	Version
org.jenkins-ci.plugins:jobconfighistory	eq	1183.v6e2785ff75e0
org.jenkins-ci.plugins:jobconfighistory	eq	1207.vd28a_54732f92
org.jenkins-ci.plugins:jobconfighistory	eq	1163.ve82c7c6e60a_3
org.jenkins-ci.plugins:jobconfighistory	eq	1.12
org.jenkins-ci.plugins:jobconfighistory	eq	2.18.3
org.jenkins-ci.plugins:jobconfighistory	eq	2.29-rc1073.41ef89cf4e15
org.jenkins-ci.plugins:jobconfighistory	eq	2.6
org.jenkins-ci.plugins:jobconfighistory	eq	2.9
org.jenkins-ci.plugins:jobconfighistory	eq	1165.v8cc9fd1f4597
org.jenkins-ci.plugins:jobconfighistory	eq	2.18.1