Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2023-37478 Vulnerability in npm package @pnpm/macos-x64

CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement

CVE-2013-4322 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-24858 Vulnerability in npm package next-auth

CVE-2015-5346 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory