CVE-2023-41931

Name of the Vulnerable Software and Affected Versions Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the timestamp value from history entries is not properly sanitized or escaped when rendering a history entry on the history view. This allows for malicious scripts to be stored and executed, potentially leading to security breaches.

Recommendations For Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier, consider disabling the rendering of history entries on the history view until a patch is available. Restrict access to the history view to minimize the risk of exploitation. Avoid using the timestamp value from history entries in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.