Jenkins HTML Publisher Plugin CVE-2018-1000175 Directory Traversal Vulnerability
BID:104219
Info
| Bugtraq ID: | 104219 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-1000175 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2018 12:00AM |
| Updated: | Apr 16 2018 12:00AM |
| Credit: | Kalle Niemitalo, Procomp Solutions Oy. |
| Vulnerable: | Jenkins-Ci HTML Publisher Plugin 1.15 |
| Not Vulnerable: | Jenkins-Ci HTML Publisher Plugin 1.16 |
Discussion
HTML Publisher Plugin for Jenkins is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue using directory-traversal characters ('../') to read arbitrary files outside of the restricted directory, obtain the sensitive information they contain, and perform other attacks.
Versions of HTML Publisher Plugin for Jenkins prior to 1.16 are affected.