Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2021-24122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-37478 Vulnerability in npm package @pnpm/linuxstatic-arm64

CVE-2016-4430 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-standard-processors

CVE-2013-2133 Vulnerability in maven package org.wildfly:wildfly-ejb3

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory