Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.10 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS6.8AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2023/09/06 3:30 p.m.22 views

GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.5CVSS6.5AI score0.00555EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.28 views

XSS vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.6AI score0.00432EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/09/06 1:15 p.m.23 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS8.7AI score0.0075EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/06 12:8 p.m.18 views

CVE-2023-41932

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.6AI score0.00555EPSS
Exploits0References2
CVE
CVE
added 2023/09/06 12:8 p.m.125 views

CVE-2023-41932

The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...

6.5CVSS6.3AI score0.00555EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/07/27 3:15 p.m.18 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS0.00362EPSS
Exploits0References2
Prion
Prion
added 2022/07/27 3:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS4.6AI score0.00362EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/27 2:22 p.m.92 views

CVE-2022-36887

CVE-2022-36887 is a CSRF vulnerability in Jenkins Job Configuration History Plugin (versions up to 1155.v28a_46a_cc06a_5). The issue allows an attacker to delete entries from job, agent, and system configuration history or restore older configurations by convincing a user to perform unwanted acti...

4.3CVSS4.5AI score0.00362EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/27 2:22 p.m.34 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

5.3AI score0.00362EPSS
Exploits0References2
Rows per page
Query Builder