VYPR
Moderate severity · OSV Advisory · Published Jan 9, 2019 · Updated Aug 5, 2024

CVE-2018-1000416

Description

Reflected XSS in Jenkins Job Config History Plugin 2.18 and earlier allows attackers with Job/Configure access to inject arbitrary HTML.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in Jenkins Job Config History Plugin version 2.18 and earlier [1][2]. It affects the plugin's Jelly views that display attacker-supplied values in Jenkins. Exploitation requires that the attacker hold Job/Configure permission [2].

Exploitation

An attacker with Job/Configure access can craft a malicious URL containing JavaScript code. When a legitimate user (with the same or higher privileges) visits the crafted URL, the injected script executes in the context of Jenkins [1][2]. No further authentication or special network position is required beyond the initial access.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, UI manipulation, or theft of sensitive information displayed on the page [1][2]. Because the attack is reflected, it affects only the victim who opens the crafted link.

Mitigation

Jenkins released a fix in version 2.19 of the Job Config History Plugin as part of the 2018-09-25 security advisory [1]. Users should upgrade to version 2.19 or later. The commit introducing the fix is available at [3]. If upgrading is not immediately possible, restrict Job/Configure access to trusted users only.
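As an added example (not the advisory's own content, nor code from the Job Config History plugin), the check below audits a plugin source tree for Jelly views that still lack the `<?jelly escape-by-default='true'?>` directive that this fix adds to every view. It assumes the directive must sit in the XML prolog, before the root element, which is where the fix commit places it; the sample views it writes to a temporary directory are constructed for the demonstration.

```python
"""Audit Jelly views for the escape-by-default directive.

Added example, not part of the advisory or of the Job Config History plugin.
Reports every *.jelly file under a directory that lacks the directive, or
that places it after the root element (outside the XML prolog).
"""
import os
import re
import tempfile

# The directive the fix commit adds to each view of the plugin.
DIRECTIVE = re.compile(r"<\?jelly\s+escape-by-default\s*=\s*['\"]true['\"]\s*\?>")
COMMENT = re.compile(r"<!--.*?-->", re.S)
# First start tag that is neither a processing instruction nor a declaration.
START_TAG = re.compile(r"<(?![?!])")


def check_jelly(text):
    """Classify one Jelly view as 'ok', 'missing', or 'after-root'.

    'after-root' means the directive exists but follows the root element;
    this placement check is the example's own assumption (the fix puts the
    directive in the prolog), so treat such a file as something to fix by hand.
    """
    stripped = COMMENT.sub("", text)  # comments may legally precede the directive
    directive = DIRECTIVE.search(stripped)
    if directive is None:
        return "missing"
    root = START_TAG.search(stripped)
    if root is not None and root.start() < directive.start():
        return "after-root"
    return "ok"


def audit_tree(root_dir):
    """Walk root_dir and return {relative_path: status} for every *.jelly
    file that is not 'ok'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in sorted(files):
            if not name.endswith(".jelly"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                status = check_jelly(fh.read())
            if status != "ok":
                findings[os.path.relpath(path, root_dir)] = status
    return findings


# Constructed sample views for the demo (not files from the real plugin).
SAMPLES = {
    "views/index.jelly": (
        "<?jelly escape-by-default='true'?>\n"
        "<j:jelly xmlns:j=\"jelly:core\">${it.displayName}</j:jelly>\n"
    ),
    "views/withdecl.jelly": (
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        "<!-- a comment before the directive is fine -->\n"
        "<?jelly escape-by-default='true'?>\n"
        "<j:jelly xmlns:j=\"jelly:core\">${request.getParameter('name')}</j:jelly>\n"
    ),
    "views/history.jelly": (  # reflects a request parameter with no directive
        "<j:jelly xmlns:j=\"jelly:core\">\n"
        "  <j:set var=\"name\" value=\"${request.getParameter('name')}\"/>\n"
        "  ${name}\n"
        "</j:jelly>\n"
    ),
    "views/late.jelly": (  # directive present but after the root element
        "<j:jelly xmlns:j=\"jelly:core\">\n"
        "<?jelly escape-by-default='true'?>\n"
        "${it.value}\n"
        "</j:jelly>\n"
    ),
    "views/notes.txt": "not a view, must be ignored\n",
}


def run_demo():
    """Write the constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            full = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_tree(tmp)


if __name__ == "__main__":
    for path, status in sorted(run_demo().items()):
        print(f"{status:10s} {path}")
```

Point `audit_tree` at a plugin's `src/main/resources` to run it on real code. A clean audit is a necessary condition, not a proof of safety: the directive only escapes `${...}` expansions, so values emitted through `<j:out>` or spliced into URL contexts still need their own review.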

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:jobConfigHistory (Maven)
Affected versions: < 2.18.1
Patched versions: 2.18.1

Affected products

2

Patches

1
38ea4ed7e352

[SECURITY-1130]

https://github.com/jenkinsci/job-config-history-plugin · Jochen Fürbacher · Sep 12, 2018 · via ghsa
16 files changed · +16 −0
  • src/main/resources/hudson/plugins/jobConfigHistory/ComputerConfigHistoryAction/configOutput.jelly · +1 −0 · modified
    @@ -1,6 +1,7 @@
     <!--
    
       Displays the config output as plain text or xml
    
     -->
    
    +<?jelly escape-by-default='true'?>
    
     <st:compress xmlns:j="jelly:core" xmlns:st="jelly:stapler">
    
       <j:choose>
    
         <j:when test="${request.getParameter('type').equals('xml')}">
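    Review bot: `request.getParameter('type').equals('xml')` in the retained context throws a NullPointerException when the `type` parameter is absent; `'xml'.equals(request.getParameter('type'))` is null-safe. On the fix itself, the directive is inserted after the leading comment rather than on line 1; that is valid, since a processing instruction may follow a comment in the prolog, but keeping it first as in the other files makes the directive trivial to grep for. Because `escape-by-default` only applies to `${...}` expansions, any place lower in this file that deliberately emits raw markup will now render escaped and needs an explicit `<j:out>` with a value known to be safe.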
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/ComputerConfigHistoryAction/index.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Agent Configuration History">
    
         <st:include it="${it.slave.toComputer()}" page="sidepanel.jelly" />
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/ComputerConfigHistoryAction/restoreQuestion.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Agent Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <st:include it="${it.slave.toComputer()}" page="sidepanel.jelly" />
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/ComputerConfigHistoryAction/showDiffFiles.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    + <?jelly escape-by-default='true'?>
    
      <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <st:include it="${app}" page="sidepanel.jelly" />
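    Review bot: the added line `+ <?jelly escape-by-default='true'?>` carries a leading space, and the context lines of this file are indented one column deeper than in the other fifteen files, so the whole file appears to have an extra leading space per line. Leading whitespace before a processing instruction is legal when no `<?xml ...?>` declaration precedes it, but please confirm the directive is still recognized in this position and drop the space for consistency with the rest of the change.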
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigBadgeAction/badge.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
    
       <j:if test="${it.showBadge() and it.oldConfigsExist()}">
    
     	<a href="${it.createLink()}" id="showDiff">
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistory/config.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
    
       <f:section title="${%Job Config History}">
    
     
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryProjectAction/configOutput.jelly · +1 −0 · modified
    @@ -1,6 +1,7 @@
     <!--
    
       Displays the config output as plain text or xml
    
     -->
    
    +<?jelly escape-by-default='true'?>
    
     <st:compress xmlns:j="jelly:core" xmlns:st="jelly:stapler">
    
       <j:choose>
    
         <j:when test="${request.getParameter('type').equals('xml')}">
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryProjectAction/index.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History">
    
         <st:include it="${it.project}" page="sidepanel.jelly" />
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryProjectAction/restoreQuestion.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <st:include it="${it.project}" page="sidepanel.jelly" />
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryProjectAction/showDiffFiles.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <st:include it="${it.project}" page="sidepanel.jelly" />
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryRootAction/configOutput.jelly · +1 −0 · modified
    @@ -1,6 +1,7 @@
     <!--
    
       Displays the config output as plain text or xml
    
     -->
    
    +<?jelly escape-by-default='true'?>
    
     <st:compress xmlns:j="jelly:core" xmlns:st="jelly:stapler">
    
       <j:choose>
    
         <j:when test="${request.getParameter('type').equals('xml')}">
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryRootAction/history.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History">
    
         <j:set var="name" value="${request.getParameter('name')}"/>
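    Review bot: the retained context captures an attacker-controllable value, `<j:set var="name" value="${request.getParameter('name')}"/>`; the new directive HTML-escapes `${name}` wherever it is expanded as element text or an attribute value, which is what closes the reflected XSS. It does not URL-encode, so if `name` is also spliced into an `href` or a query string further down this file, that use still needs its own encoding and is worth a look since it lies outside the hunk.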
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryRootAction/index.jelly · +1 −0 · modified
    @@ -1,4 +1,5 @@
     <?xml version="1.0" encoding="UTF-8"?>
    
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="${%All Configuration History}">
    
         <l:side-panel>
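    Review bot: placement is correct here: the jelly directive goes after `<?xml version="1.0" encoding="UTF-8"?>`, since an XML declaration must be the very first thing in the file; the other views carry no declaration, so the directive can lead there. Nothing to change.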
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryRootAction/restoreQuestion.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <l:main-panel>
    
    
  • src/main/resources/hudson/plugins/jobConfigHistory/JobConfigHistoryRootAction/showDiffFiles.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
    
       <l:layout title="Job Configuration History" css="/plugin/jobConfigHistory/diff_highlight.css">
    
         <l:side-panel>
    
    
  • src/main/resources/index.jelly · +1 −0 · modified
    @@ -1,3 +1,4 @@
    +<?jelly escape-by-default='true'?>
    
     <div>
    
         Job history plugin for Jenkins.
    
     </div>
    \ No newline at end of file
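    Review bot: `\ No newline at end of file` shows this file still lacks a trailing newline; since it is being touched anyway, adding one would keep later diffs clean. The visible context is a static `<div>` description with no `${...}` expressions, so this directive is a uniformity change rather than part of the XSS fix, which is still fine to include.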
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.