{"api_version":"1","generated_at":"2026-06-02T17:41:43+00:00","cve":"CVE-2018-1000175","urls":{"html":"https://cve.report/CVE-2018-1000175","api":"https://cve.report/api/cve/CVE-2018-1000175.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1000175","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000175"},"summary":{"title":"CVE-2018-1000175","description":"A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-05-08 15:29:00","updated_at":"2018-06-13 15:02:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://jenkins.io/security/advisory/2018-04-16/","name":"https://jenkins.io/security/advisory/2018-04-16/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Jenkins Security Advisory 2018-04-16","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1000175","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000175","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1000175","vulnerable":"1","versionEndIncluding":"1.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"html_publisher","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2018-04-30T20:15:49.356501","DATE_REQUESTED":"2018-04-16T00:00:00","ID":"CVE-2018-1000175","REQUESTER":"ml@beckweb.net","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://jenkins.io/security/advisory/2018-04-16/","refsource":"CONFIRM","url":"https://jenkins.io/security/advisory/2018-04-16/"}]}},"nvd":{"publishedDate":"2018-05-08 15:29:00","lastModifiedDate":"2018-06-13 15:02:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:html_publisher:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.15","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1000175","Ordinal":"127256","Title":"CVE-2018-1000175","CVE":"CVE-2018-1000175","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1000175","Ordinal":"1","NoteData":"A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1000175","Ordinal":"2","NoteData":"2018-05-08","Type":"Other","Title":"Published"}]}}}