org.jenkins-ci.plugins:jobConfigHistory

Maven7 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:jobConfigHistorypage 1 of 1

CVE-2018-1000416MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.18.1
2019-01-09
vulnerable: 1.10 ... 2.9 (23 versions)
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
CVE-2022-36887MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1156.v536a_97b_8d649
2022-07-27
vulnerable: 1.10 ... 2.9 (51 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions…
CVE-2022-38664MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1166.vc9f255f45b
2022-08-23
vulnerable: 1.10 ... 2.9 (54 versions)
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to …
CVE-2023-41930MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1229.v3039470161a_d
2023-09-06
vulnerable: 1.10 ... 2.9 (66 versions)
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was no…
CVE-2023-41931MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1229.v3039470161a_d
2023-09-06
vulnerable: 1.10 ... 2.9 (66 versions)
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scr…
CVE-2023-41932MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1229.v3039470161a_d
2023-09-06
vulnerable: 1.10 ... 2.9 (66 versions)
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file …
CVE-2023-41933HIGHCVSS 8.8EG 8.8✓ Fixed in 1229.v3039470161a_d
2023-09-06
vulnerable: 1.10 ... 2.9 (66 versions)
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Check whether org.jenkins-ci.plugins:jobConfigHistory is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:jobConfigHistory CVEs against the assets you own.

Start Free Scan →