Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2019-10401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-core

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

CVE-2018-11788 Vulnerability in maven package org.apache.karaf.specs:org.apache.karaf.specs.java.xml

CVE-2015-1836 Vulnerability in maven package org.apache.hbase:hbase-client

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory