cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41930,https://securityvulnerability.io/vulnerability/CVE-2023-41930,,"Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.",Jenkins,Jenkins Job Configuration History Plugin,4.3,MEDIUM,0.001820000004954636,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2023-41931,https://securityvulnerability.io/vulnerability/CVE-2023-41931,,"Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.",Jenkins,Jenkins Job Configuration History Plugin,5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2023-41933,https://securityvulnerability.io/vulnerability/CVE-2023-41933,Security Flaw in Jenkins Job Configuration History Plugin by Jenkins,"The Jenkins Job Configuration History Plugin version 1227.v7a_79fc4dc01f and earlier lacks proper configuration for its XML parser, making it prone to XML External Entity (XXE) attacks. This vulnerability allows attackers to exploit the XML parser to read sensitive files from the server or perform internal network requests. Ensuring that XML external entities are disabled in the parser configuration can mitigate the risks associated with this vulnerability.",Jenkins,Jenkins Job Configuration History Plugin,8.8,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2023-41932,https://securityvulnerability.io/vulnerability/CVE-2023-41932,,"Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.",Jenkins,Jenkins Job Configuration History Plugin,6.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-09-06T13:15:00.000Z,0
CVE-2022-38664,https://securityvulnerability.io/vulnerability/CVE-2022-38664,,"Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.",Jenkins,Jenkins Job Configuration History Plugin,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-08-23T16:45:31.000Z,0
CVE-2022-36887,https://securityvulnerability.io/vulnerability/CVE-2022-36887,,"A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.",Jenkins,Jenkins Job Configuration History Plugin,4.3,MEDIUM,0.0010600000387057662,false,false,false,false,,false,false,2022-07-27T14:22:04.000Z,0