Description
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2015-5345 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2018-1999031 Vulnerability in maven package org.jenkins-ci.plugins:meliora-testlab
CVE-2017-15691 Vulnerability in maven package org.apache.uima:jvinci
CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-dom