Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

Affected Packages

Maven org.jenkins-ci.plugins:jobConfigHistory

Affected versions: 0 (fixed in 1229.v3039470161a_d)

Related CVEs

CVE-2023-41930

Key Information

GHSA ID

GHSA-c7r5-cww9-64q6

Published

September 6, 2023 3:30 PM

Last Modified

January 30, 2024 11:12 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:jobConfigHistory

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.