CVE-2023-41932

Name of the Vulnerable Software and Affected Versions Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier

Description The issue allows attackers to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called history.xml. This is due to the lack of restriction on timestamp query parameters in multiple endpoints.

Recommendations For Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier, consider restricting access to the vulnerable endpoints until a patch is available. As a temporary workaround, avoid using the timestamp query parameter in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.