ID CVE-2023-41933
Summary Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:job_configuration_history:1.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.18.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.18.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.18.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.21:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.22:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.23:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.23.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.24:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.25:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.26:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.27:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.28:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.28.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.29:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.29-rc1073.41ef89cf4e15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.30:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.31-rc1092.de9e11acbcf3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.31-rc1098.b666422863b2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.31-rc1107.2354f08725a_8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:2.31-rc1118.fdcd7d8898ff:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1119.v509e1017356b_:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1133.v0f5420f85053:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1139.v888b_656ca_f6d:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1146.v94c2521f9213:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1155.v28a_46a_cc06a_5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1156.v536a_97b_8d649:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1163.ve82c7c6e60a_3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1165.v8cc9fd1f4597:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1166.vc9f255f45b_8a:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1170.v8a_c085b_dd49c:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1171.v04b_66d78555e:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1176.v1b_4290db_41a_5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1183.v6e2785ff75e0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1187.v2a_b_1ca_54d18d:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1191.v168c8c2b_956a:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1198.v4d5736c2308c:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1206.vc8967cc8a_2cb:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1207.vd28a_54732f92:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1212.vd4470d08ff12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1227.v7a_79fc4dc01f:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:job_configuration_history:1229.v3039470161a_d:*:*:*:*:jenkins:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
Vector, Complexity, Authentication
Impact
Confidentiality, Integrity, Availability
Last major update 11-09-2023 - 20:33
Published 06-09-2023 - 13:15
Last modified 11-09-2023 - 20:33