GHSA-c7r5-cww9-64q6

Suggest an improvement
Source
https://github.com/advisories/GHSA-c7r5-cww9-64q6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-c7r5-cww9-64q6/GHSA-c7r5-cww9-64q6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c7r5-cww9-64q6
Aliases
  • CVE-2023-41930
Published
2023-09-06T15:30:26Z
Modified
2024-01-30T23:41:38.662198Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Path traversal in Jenkins Job Configuration History Plugin
Details

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

Database specific
{
    "nvd_published_at": "2023-09-06T13:15:09Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T23:12:08Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:jobConfigHistory

Package

Name
org.jenkins-ci.plugins:jobConfigHistory
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/jobConfigHistory

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1229.v3039470161a_d

Affected versions

1.*

1.10
1.11
1.12
1.13

2.*

2.0
2.1
2.1.1
2.2
2.3
2.4
2.5
2.6
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.18.1
2.18.2
2.18.3
2.19
2.20
2.21
2.22
2.23
2.23.1
2.24
2.25
2.26
2.27
2.28
2.28.1
2.29-rc1073.41ef89cf4e15
2.29
2.30
2.31-rc1092.de9e11acbcf3
2.31-rc1098.b666422863b2
2.31-rc1107.2354f08725a_8
2.31-rc1118.fdcd7d8898ff

1119.*

1119.v509e1017356b_

1133.*

1133.v0f5420f85053

1139.*

1139.v888b_656ca_f6d

1146.*

1146.v94c2521f9213

1148.*

1148.v8607da_ef251e

1155.*

1155.v28a_46a_cc06a_5

1156.*

1156.v536a_97b_8d649

1163.*

1163.ve82c7c6e60a_3

1165.*

1165.v8cc9fd1f4597

1166.*

1166.vc9f255f45b_8a

1170.*

1170.v8a_c085b_dd49c

1171.*

1171.v04b_66d78555e

1176.*

1176.v1b_4290db_41a_5

1183.*

1183.v6e2785ff75e0

1187.*

1187.v2a_b_1ca_54d18d

1191.*

1191.v168c8c2b_956a

1198.*

1198.v4d5736c2308c

1206.*

1206.vc8967cc8a_2cb_

1207.*

1207.vd28a_54732f92

1212.*

1212.vd4470d08ff12

1227.*

1227.v7a_79fc4dc01f

Database specific

{
    "last_known_affected_version_range": "<= 1227.v7a"
}