Description
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older, in HtmlPublisherTarget.java, that allows attackers who are able to configure the HTML Publisher build step to overwrite arbitrary files on the Jenkins master.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/