CVE-2023-41931
Description
Jenkins Job Configuration History Plugin ≤1227.v7a_79fc4dc01f has a stored XSS vulnerability via unsanitized timestamp values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Jenkins Job Configuration History Plugin, versions 1227.v7a_79fc4dc01f and earlier, contains a stored cross-site scripting (XSS) vulnerability. The plugin fails to properly sanitize or escape the timestamp value from history entries when rendering them on the history view, as described in the Jenkins security advisory [1]. While timestamp values in genuine entries are numeric and thus benign, an attacker can manipulate this field to inject malicious script code [1].
Exploitation
This vulnerability is exploitable by attackers with the ability to create or control a file on the Jenkins controller (e.g., via archived artifacts), combined with a separate path traversal flaw (CVE-2023-41930) that bypasses the plugin's restriction on the name query parameter [1]. The history view will then render the crafted timestamp containing the XSS payload, leading to script execution in the context of the victim's browser [1].
Impact
A successful exploit allows an attacker to execute arbitrary JavaScript in the Jenkins interface, potentially leading to session hijacking, credential theft, or other malicious actions performed as the victim user [1][3].
Mitigation
The Jenkins Security Advisory 2023-09-06 recommends upgrading to Job Configuration History Plugin version 1229.v3039470161a_d or later [2]. This fixed version restricts the name query parameter and properly escapes timestamp values in history view entries [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:jobConfigHistoryMaven | < 1229.v3039470161a_d | 1229.v3039470161a_d |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-5jxp-f5rr-g6jc (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-41931 (NVD, advisory)
- www.jenkins.io/security/advisory/2023-09-06/ (vendor advisory)
- www.openwall.com/lists/oss-security/2023/09/06/9 (oss-security mailing list)
News mentions
- Jenkins Security Advisory 2023-09-06, Jenkins Security Advisories, Sep 6, 2023