Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2021-21379 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-wikimacro-store

CVE-2017-1000354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-2242 Vulnerability in maven package org.jenkins-ci.plugins:database

CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl

CVE-2022-37435 Vulnerability in maven package org.apache.shenyu:shenyu-admin

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory