2023-09-06 12:08:52
jenkins
PUBLISHED
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the name query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.