Description
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/
Related Vulnerabilities
CVE-2019-10401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-core
CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo
CVE-2018-11788 Vulnerability in maven package org.apache.karaf.specs:org.apache.karaf.specs.java.xml
CVE-2015-1836 Vulnerability in maven package org.apache.hbase:hbase-client