Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-09-06T12:08:53.687Z
Updated: 2024-08-02T19:09:49.163Z
Reserved: 2023-09-05T16:39:57.391Z
Link: CVE-2023-41932
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-06T13:15:09.770
Modified: 2023-09-11T20:07:12.583
Link: CVE-2023-41932
Redhat
No data.