Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2017-0783 Vulnerability in maven package org.apache.openmeetings:openmeetings-web

CVE-2015-5207 Vulnerability in npm package cordova-ios

CVE-2015-8862 Vulnerability in maven package org.webjars.npm:mustache

CVE-2016-0781 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

CVE-2017-1000006 Vulnerability in maven package org.webjars.bowergithub.plotly:plotly.js

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory