CVE-2023-41930: 
Java vulnerability analysis and mitigation

The Jenkins Job Configuration History Plugin version 1227.v7a_79fc4dc01f and earlier contains a path traversal vulnerability (CVE-2023-41930) discovered in September 2023. The vulnerability affects the plugin's history entry rendering functionality, where it fails to properly restrict the 'name' query parameter, allowing attackers to manipulate the configuration history display (Jenkins Advisory, NVD).

The vulnerability stems from improper input validation where the plugin does not restrict the 'name' query parameter when rendering a history entry. This path traversal vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

The vulnerability allows attackers to have Jenkins render a manipulated configuration history that was not created by the plugin. When combined with another vulnerability (CVE-2023-41931), it can lead to a stored cross-site scripting (XSS) vulnerability that is exploitable by attackers with the ability to create files on the controller, such as through archived artifacts (Jenkins Advisory).

The vulnerability has been fixed in Job Configuration History Plugin version 1229.v3039470161a_d. The update restricts the name query parameter when rendering a history entry and implements proper input validation. Users are strongly advised to upgrade to this version to mitigate the vulnerability (Jenkins Advisory).

The vulnerability was discovered and reported by Andrea Chiera from CloudBees, Inc., demonstrating the active security research within the Jenkins community. The Jenkins security team promptly addressed the issue by releasing a fix and providing detailed advisory information (Jenkins Advisory).