CVE-2023-41930

Name of the Vulnerable Software and Affected Versions Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier

Description The issue allows attackers to manipulate the configuration history rendered by Jenkins, as the 'name' query parameter is not restricted when rendering a history entry. This can lead to Jenkins rendering a manipulated configuration history that was not created by the plugin. The name query parameter is vulnerable to manipulation.

Recommendations For Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier, consider restricting access to the vulnerable name query parameter until a patch is available. As a temporary workaround, avoid using the name query parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.