Vulnerabilities > CVE-2023-41933 - XXE vulnerability in Jenkins JOB Configuration History

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

CWE-611

NVD

Published: 2023-09-06

Updated: 2023-09-11

Summary

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins JOB Configuration History 1.9 Jenkins JOB Configuration History 1.10 Jenkins JOB Configuration History 1.11 Jenkins JOB Configuration History 1.12 Jenkins JOB Configuration History 1.13 Jenkins JOB Configuration History 2.0 Jenkins JOB Configuration History 2.1 Jenkins JOB Configuration History 2.1.1 Jenkins JOB Configuration History 2.2 Jenkins JOB Configuration History 2.3 Jenkins JOB Configuration History 2.4 Jenkins JOB Configuration History 2.5 Jenkins JOB Configuration History 2.6 Jenkins JOB Configuration History 2.8 Jenkins JOB Configuration History 2.9 Jenkins JOB Configuration History 2.10 Jenkins JOB Configuration History 2.11 Jenkins JOB Configuration History 2.12 Jenkins JOB Configuration History 2.13 Jenkins JOB Configuration History 2.14 Jenkins JOB Configuration History 2.15 Jenkins JOB Configuration History 2.16 Jenkins JOB Configuration History 2.17 Jenkins JOB Configuration History 2.18 Jenkins JOB Configuration History 2.18.1 Jenkins JOB Configuration History 2.18.2 Jenkins JOB Configuration History 2.18.3 Jenkins JOB Configuration History 2.19 Jenkins JOB Configuration History 2.20 Jenkins JOB Configuration History 2.21 Jenkins JOB Configuration History 2.22 Jenkins JOB Configuration History 2.23 Jenkins JOB Configuration History 2.23.1 Jenkins JOB Configuration History 2.24 Jenkins JOB Configuration History 2.25 Jenkins JOB Configuration History 2.26 Jenkins JOB Configuration History 2.27 Jenkins JOB Configuration History 2.28 Jenkins JOB Configuration History 2.28.1 Jenkins JOB Configuration History 2.29 Jenkins JOB Configuration History 2.29-Rc1073.41Ef89Cf4E15 Jenkins JOB Configuration History 2.30 Jenkins JOB Configuration History 2.31-Rc1092.De9E11Acbcf3 Jenkins JOB Configuration History 2.31-Rc1098.B666422863B2 Jenkins JOB Configuration History 2.31-Rc1107.2354F08725A_8 Jenkins JOB Configuration History 2.31-Rc1118.Fdcd7D8898Ff Jenkins JOB Configuration History 1119.V509E1017356B_ Jenkins JOB Configuration History 1133.V0F5420F85053 Jenkins JOB Configuration History 1139.V888B_656Ca_F6D Jenkins JOB Configuration History 1146.V94C2521F9213 Jenkins JOB Configuration History 1155.V28A_46A_Cc06A_5 Jenkins JOB Configuration History 1156.V536A_97B_8D649 Jenkins JOB Configuration History 1163.Ve82C7C6E60A_3 Jenkins JOB Configuration History 1165.V8Cc9Fd1F4597 Jenkins JOB Configuration History 1166.Vc9F255F45B_8A Jenkins JOB Configuration History 1170.V8A_C085B_Dd49C Jenkins JOB Configuration History 1171.V04B_66D78555E Jenkins JOB Configuration History 1176.V1B_4290Db_41A_5 Jenkins JOB Configuration History 1183.V6E2785Ff75E0 Jenkins JOB Configuration History 1187.V2A_B_1Ca_54D18D Jenkins JOB Configuration History 1191.V168C8C2B_956A Jenkins JOB Configuration History 1198.V4D5736C2308C Jenkins JOB Configuration History 1206.Vc8967Cc8A_2Cb Jenkins JOB Configuration History 1207.Vd28A_54732F92 Jenkins JOB Configuration History 1212.Vd4470D08Ff12 Jenkins JOB Configuration History 1227.V7A_79Fc4Dc01F Jenkins JOB Configuration History 1229.V3039470161A_D	67

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References