Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2023-47112 Vulnerability in maven package org.rundeck:rundeck

CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2018-1317 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2019-10449 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

CVE-2020-11022 Vulnerability in maven package org.fujion.webjars:jquery

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory