{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41931", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2023-09-05T16:39:57.391Z", "datePublished": "2023-09-06T12:08:53.040Z", "dateUpdated": "2024-08-02T19:09:49.187Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Jenkins Job Configuration History Plugin", "vendor": "Jenkins Project", "versions": [{"lessThanOrEqual": "1227.v7a_79fc4dc01f", "status": "affected", "version": "0", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:51:40.143Z"}, "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.187Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "DCA428E1-B407-4F61-AB8B-B24D902C4A8D", "versionEndIncluding": "1227.v7a_79fc4dc01f", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability."}, {"lang": "es", "value": "El complemento Jenkins Job Configuration History 1227.v7a_79fc4dc01f y versiones anteriores no sanitizan ni escapan el valor timestamp de las entradas de historial al representar una entrada de historial en la vista de historial, lo que da como resultado una vulnerabilidad de Cross-Site Scripting (XSS) almacenada."}], "id": "CVE-2023-41931", "lastModified": "2023-09-11T19:55:42.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-06T13:15:09.577", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}