Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2016-3088 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2020-2153 Vulnerability in maven package org.jenkins-ci.plugins:backlog

CVE-2019-1003041 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2021-25122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory