First published: Tue May 08 2018
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Html Publisher | <=1.15 | |
CVE-2018-1000175 is a path traversal vulnerability that exists in Jenkins HTML Publisher Plugin 1.15 and older.
The severity of CVE-2018-1000175 is medium with a CVSS score of 6.5.
CVE-2018-1000175 allows attackers who are able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
To mitigate CVE-2018-1000175, it is recommended to update Jenkins HTML Publisher Plugin to version 1.16 or later.
More information about CVE-2018-1000175 can be found at the following link: [CVE-2018-1000175](https://jenkins.io/security/advisory/2018-04-16/).