CVE-2018-1000175
MEDIUMJenkins HTML Publisher Plugin <1.15 - Path Traversal
Title source: llmDescription
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-04-16/
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (2)
jenkins/html_publisher
< 1.15
org.jenkins-ci.plugins/htmlpublisher
0 - 1.16Maven
Published
May 08, 2018
Tracked Since
Feb 18, 2026