GHSA-4x63-3p7q-xmh7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4x63-3p7q-xmh7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4x63-3p7q-xmh7/GHSA-4x63-3p7q-xmh7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4x63-3p7q-xmh7
- Aliases
- Published
- 2022-05-14T03:18:39Z
- Modified
- 2024-02-21T05:31:48.134224Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Jenkins HTML Publisher Plugin path traversal vulnerability
- Details
-
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. In version 1.16, non-alphanumeric characters in report names are escaped for use as part of a URL and as a directory name.
- Database specific
{ "nvd_published_at": "2018-05-08T15:29:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-12T16:55:41Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:htmlpublisher
Package
- Name
- org.jenkins-ci.plugins:htmlpublisher
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/htmlpublisher
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16