Description

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2018-04-16/

Related Vulnerabilities

CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib

CVE-2023-45134 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2019-10466 Vulnerability in maven package org.jenkins-ci.plugins.plugin:fireline

CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc

CVE-2015-1814 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory