Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-09-06T12:08:52.399Z
Updated: 2024-08-02T19:09:49.328Z
Reserved: 2023-09-05T16:39:57.391Z
Link: CVE-2023-41930
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-06T13:15:09.377
Modified: 2023-09-11T19:23:34.093
Link: CVE-2023-41930
Redhat
No data.