GHSA-ghjw-fcf6-rpr9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-ghjw-fcf6-rpr9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-ghjw-fcf6-rpr9/GHSA-ghjw-fcf6-rpr9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-ghjw-fcf6-rpr9
- Aliases
-
- CVE-2023-41933
- Published
- 2023-09-06T15:30:26Z
- Modified
- 2024-02-16T08:20:12.509701Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
- Details
-
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- Database specific
{ "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "github_reviewed_at": "2024-01-09T20:58:13Z", "nvd_published_at": "2023-09-06T13:15:10Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-41933
- https://github.com/jenkinsci/job-config-history-plugin/commit/3039470161ada86f4091c75fc779ebfdb69f3210
- https://github.com/jenkinsci/job-config-history-plugin
- https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235
- http://www.openwall.com/lists/oss-security/2023/09/06/9
Affected packages
Maven / org.jenkins-ci.plugins:jobConfigHistory
Package
- Name
- org.jenkins-ci.plugins:jobConfigHistory
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/jobConfigHistory
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1229.v3039470161a_d
Affected versions
1.*
1.10
1.11
1.12
1.13
2.*
2.0
2.1
2.1.1
2.2
2.3
2.4
2.5
2.6
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.18.1
2.18.2
2.18.3
2.19
2.20
2.21
2.22
2.23
2.23.1
2.24
2.25
2.26
2.27
2.28
2.28.1
2.29-rc1073.41ef89cf4e15
2.29
2.30
2.31-rc1092.de9e11acbcf3
2.31-rc1098.b666422863b2
2.31-rc1107.2354f08725a_8
2.31-rc1118.fdcd7d8898ff
1119.*
1119.v509e1017356b_
1133.*
1133.v0f5420f85053
1139.*
1139.v888b_656ca_f6d
1146.*
1146.v94c2521f9213
1148.*
1148.v8607da_ef251e
1155.*
1155.v28a_46a_cc06a_5
1156.*
1156.v536a_97b_8d649
1163.*
1163.ve82c7c6e60a_3
1165.*
1165.v8cc9fd1f4597
1166.*
1166.vc9f255f45b_8a
1170.*
1170.v8a_c085b_dd49c
1171.*
1171.v04b_66d78555e
1176.*
1176.v1b_4290db_41a_5
1183.*
1183.v6e2785ff75e0
1187.*
1187.v2a_b_1ca_54d18d
1191.*
1191.v168c8c2b_956a
1198.*
1198.v4d5736c2308c
1206.*
1206.vc8967cc8a_2cb_
1207.*
1207.vd28a_54732f92
1212.*
1212.vd4470d08ff12
1227.*
1227.v7a_79fc4dc01f