Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2023-34434 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis

CVE-2012-3544 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2015-1806 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2016-0706 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory